Cross-site Scripting Vulnerability in Microsoft SharePoint Server 2007

2010-04-12T00:00:00
ID HTB22350
Type htbridge
Reporter High-Tech Bridge
Modified 2010-04-12T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Microsoft SharePoint Server 2007 which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting vulnerability in Microsoft SharePoint Server 2007: CVE-2010-0817
An input sanitization error was found in the "cid0" parameter of /_layouts/help.aspx. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Exploitation example:

http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X
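
Detection example (added here, not part of the original advisory or of any Microsoft or High-Tech Bridge code): a log-review check that flags requests to /_layouts/help.aspx whose decoded "cid0" value contains a NUL byte or markup characters, as in the request above. The function names, the set of disallowed characters and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

TARGET_SUFFIX = "/_layouts/help.aspx"  # script named in the advisory
TARGET_PARAM = "cid0"                  # parameter named in the advisory
# Assumption: a legitimate help-topic id never contains these characters.
MARKUP_CHARS = set("<>\"'")

# Constructed sample requests, as they might be rebuilt from web server logs.
SAMPLE_REQUESTS = [
    "/_layouts/help.aspx?cid0=MS.WSS.manifest.xml&tid=X",
    "http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml"
    "%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X",
    "/sites/team/_LAYOUTS/Help.aspx?tid=X&CID0=MS.WSS.manifest.xml",
    "/_layouts/other.aspx?cid0=%3Cb%3E",
]


def inspect_request(url):
    """Return the reasons a request matches the advisory's pattern ([] if none)."""
    parts = urlsplit(url)
    # IIS paths are case-insensitive, and the page may sit under any site prefix.
    if not parts.path.lower().endswith(TARGET_SUFFIX):
        return []
    reasons = []
    # parse_qsl percent-decodes each value once, so %00 becomes a real NUL byte.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != TARGET_PARAM:
            continue
        if "\x00" in value:
            reasons.append("NUL byte in cid0")
        found = sorted(MARKUP_CHARS.intersection(value))
        if found:
            reasons.append("markup characters in cid0: " + "".join(found))
    return reasons


def scan(urls):
    """Return (url, reasons) pairs for every request that was flagged."""
    return [(u, r) for u in urls if (r := inspect_request(u))]


if __name__ == "__main__":
    for url, reasons in scan(SAMPLE_REQUESTS):
        print(url, "->", "; ".join(reasons))
```

The same two conditions can be used as a request-filtering rule in front of the server until the vendor fix is applied.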