Microsoft SharePoint Server 远程代码执行漏洞(CVE-2021-28474)

In May of 2021, Microsoft released a patch to correct CVE-2021-28474, a remote code execution bug in supported versions of Microsoft SharePoint Server. This bug was reported to ZDI by an anonymous researcher and is also known as ZDI-21-574. This blog takes a deeper look at the root cause of this...

Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://microsoft.com/sharepoint/webpartpages', 'soap' = 'http://www.w3.org/2003/05/soap-envelope', 'xsi' =...

Microsoft SharePoint远程代码执行漏洞（CVE-2021-31181）

CVE-2021-31181: MICROSOFT SHAREPOINT WEBPART INTERPRETATION CONFLICT REMOTE CODE EXECUTION VULNERABILITY June 02, 2021 | The ZDI Research Team In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Serve...

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability Recent assessments: zeroSteiner at June 09, 2021 3:31pm UTC reported: The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user-supplied data. This can be leveraged by an attacker to leak sensitive information in...