sharepoint-xss.txt

2007-05-08T00:00:00
ID PACKETSTORM:56501
Type packetstorm
Reporter Solarius
Modified 2007-05-08T00:00:00

Description

                                        
                                            `Hi!  
I think this is a XSS in MS SharePoint, you can reproduce it in SharePoint test server using for example following url:  
  
http://www.example.com/sharepoint/default.aspx/%22);}if(true){alert(%22qwertytis  
  
This is due a lack of string stripping when putting the path into javascript.  
  
It seems to work at least on every main page.  
  
I tried to check for this in the web, but I didn't found this hole anywhere.  
  
--   
Regards,  
Solarius - http://www.solarius.name  
`