CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 30th, 2010

Microsoft SharePoint Cross-site Scripting Vulnerability Exposes Sensitive Data

Microsoft says it’s investigating a security flaw in older versions of its SharePoint Server product that an independent researcher says can easily expose sensitive data and user authentication credentials.

The XSS, or cross-site scripting, vulnerability has been confirmed in SharePoint Server 2007 and is likely also present in earlier versions of the content management system software, an advisory from High-Tech Bridge warned. It allows adversaries to inject malicious javascript into the application by appending commands to the address of the targeted system.

“The vulnerability exists due to failure in the ‘/_layouts/help.aspx’ script to properly sanitize user-supplied input in ‘cid0′ variable,” the advisory states. “Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.”

An example of a URL that will target the vulnerability is: http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X. High-Tech Bridge said they notified Microsoft of the bug on April 12, but only made the report public on Thursday.

A Microsoft spokeswoman said Thursday that researchers are in the process of drafting a security advisory that includes mitigation and workaround details. With 17 days notice, it’s unclear why Redmond’s security team didn’t already have that information ready to go.

XSS bugs are by far the most common form of vulnerability plaguing the web. Web masters and software makers often downplay them as insignificant, because the severity of many of them is minimal. But as breaches like the one experienced by the heavily fortified Apache Foundation demonstrate, they have the potential to serve as the chink that compromises an otherwise secure defense.

On Thursday, a separate advisory on the Future Musings blog warned of an XSS vulnerability in the iPhone’s Facebook app. “I’ve removed some of the technical details until Facebook has a chance to address this,” author Jon Wedell wrote. “Let’s just say you may want to avoid viewing ‘friend’s’ notes using the Facebook iPhone app for now.”

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Cross-site Scripting Vulnerability Found In MI5 Website By A Hacker
  • Cross-site Scripting Vulnerability On Yahoo’s HotJobs Site Exposes Yahoo Accounts
  • Cross-Site Scripting Vulnerability On Paypal Could Be Used In Phishing Attacks
  • Critical Flaws Patched In Opera 9.61, New Zero-day Vulnerability Remains Unpatched
  • Another Cross-Site Scripting Vulnerability On eBay Domain Sites Allows Phishing

    • Posted in Microsoft, Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Friday, April 30th, 2010 at 3:36 am and is filed under Microsoft, Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft SharePoint Cross-site Scripting Vulnerability Exposes Sensitive Data

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »