Yesterday (26 November 2022): Vulnerability Research

Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability

25 October 2022 at 00:00
Overview

Disclaimer: No anime characters or animals were harmed during the research. The bug had been fixed, but it did not meet the criteria required to get a CVE.

Recently, we found a Server-Side Request Forgery (SSRF) in Microsoft SharePoint Server 2019 that allows remote authenticated users to send HTTP(S) requests to arbitrary URLs and read the responses. The vulnerable endpoint is <site>/_api/web/ExecuteRemoteLOB. The HTTP(S) request is highly customizable in its request method, path, headers and body.