SharePoint Online cross-site scripting vulnerability
31-07-2019
Affected Product: SharePoint Online
Credits: Vulnerability discovered by Claudio Cinquino
Executive Summary
Using a specially crafted HTTP request, it is possible to exploit missing neutralization of page output that includes user-submitted content.
Successful exploitation results in the execution of arbitrary HTML and JavaScript code in the user's browser, in the context of the vulnerable SharePoint, through a "Reflected XSS".
Proof of Concept
An authenticated user with editor privileges can insert malicious code (HTML/JavaScript) and run it later.
The Reflected XSS vulnerability was discovered in the Microsoft Forms Module.
The authenticated editor user can create a new module with Microsoft Forms and, with a specially crafted payload, execute arbitrary JavaScript code.
Disclosure Timeline
13/02/2019 – Vulnerability Discovered
13/02/2019 – Initial vendor notification
06/05/2019 – The vendor fixed the vulnerability
20/05/2019 – The vendor published Online Service Acknowledgements
References
[1] https://portal.msrc.microsoft.com/en-us/security-guidance/researcher-acknowledgments-online-services (April 2019)