CVE-2024-30043: Abusing URL Parsing Confusion To Exploit XXE On Sharepoint Server And Cloud


Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that the author found in SharePoint.

The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun to exploit and exfiltrate data (or do other nasty things) in real environments, but in the vulnerability research world, you typically find them, report them, and forget about them. So why the author is writing a blog post about an XXE? They have two reasons: 1. It affects SharePoint, both on-prem and cloud instances, which is a nice target. This vulnerability can be exploited by a low-privileged user. 2. This is one of the craziest XXEs that they have ever seen (and found), both in terms of vulnerability discovery and the method of triggering.

Read more…
Source: Zero Day Initiative


Sign up for our Newsletter


Related:

  • Electron critical vulnerability strikes app developers

    January 24, 2018

    A critical vulnerability affecting Electron desktop apps has been disclosed. Electron is a node.js, V8, and Chromium framework created for the development of cross-platform desktop apps with JavaScript, HTML, and CSS. Compatible with Mac, Linux, and Windows operating systems, the recently-discovered bug impacts Windows alone. The critical vulnerability affects Electron apps which use custom protocol handlers. Assigned the identifier CVE-2018-1000006, the vulnerability ...

  • Now Meltdown patches are making industrial control systems lurch

    January 15, 2018

    Patches for the Meltdown vulnerability are causing stability issues in industrial control systems. SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains. Read ...

  • CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

    January 9, 2018

    Microsoft’s workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools. Some anti-malware packages are incompatible with Redmond’s Meltdown patch, released last week, because the tools make, according to Microsoft, “unsupported calls into Windows kernel memory,” crashing the system with a blue screen of death. In extreme ...

  • Triple Meltdown: How So Many Researchers Found A 20-Year-Old Chip Flaw At The Same Time.

    January 7, 2018

    On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections. Two days earlier, in their lab at Graz’s University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to ...

  • Rush to fix ‘serious’ computer chip flaws

    January 4, 2018

    Tech firms are working to fix two bugs that could allow hackers to steal personal data from computer systems. Google researchers said one of the “serious security flaws”, dubbed “Spectre”, was found in chips made by Intel, AMD and ARM. The other, known as “Meltdown” affects Intel-made chips alone. The industry has been aware of the problem for ...

  • Satori IoT botnet malware code given away for Christmas

    January 2, 2018

    A hacker has released the working code for a Huawei router exploit used by the Satori botnet over the holiday season as a freebie for cyberattackers seeking to target Huawei devices or bolster botnets. According to NewSky Security principal researcher Ankit Anubhav, the exploit’s code was released on Pastebin over the holiday season. Read more… Source: ZDNet