Microsoft SharePoint Unsafe Control and ViewState RCE
Disclosed | Created |
---|---|
2021-05-11 | 2021-06-16 |
Description
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user-supplied data. This
can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will
leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution
when deserialized.
Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.
Authors
Unknown
Spencer McIntyre
wvu wvu@metasploit.com
Platform
Windows
Architectures
cmd, x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
