Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
Posted by deepcore on June 18, 2021 – 11:03 pm
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user-supplied data. An attacker can leverage this to leak sensitive information in rendered-preview content. This module leaks the ViewState validation key and then uses it to sign a crafted object that triggers code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.