Microsoft SharePoint SSI / ViewState Remote Code Execution

Posted by deepcore on October 20, 2020 – 4:15 pm

This Metasploit module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config file will be stored in loot once retrieved, and the VALIDATION_KEY option can be set to short-circuit the SSI and trigger the ViewState deserialization.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://thamuang101.go.th/new.html Chrome USB::OnServiceConnectionError Use-After-Free »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microsoft SharePoint SSI / ViewState Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL