
MS15-099 - SharePoint XSS

Recently, during a review of SharePoint, I came across a vulnerability discovered by the Fortinet team and published on their blog here:


The post contained information on what a successful exploit would look like, but provided no final exploit for verification or testing.

After a bit of review, I found the following POC code which, when triggered, shows a simple alert dialog box:


This vulnerability leverages SharePoint's ability to automatically create links from an entered URL, for example one entered into a "Notes" or "Title" field.
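
For anyone building or reviewing a similar auto-link feature, here is a hardened auto-linker as an added example; it is not code from this post, from Fortinet, or from SharePoint. It assumes the general risk with this feature class is field text reaching the generated anchor markup unescaped; the function names and the `example.test` input are constructed for illustration.

```javascript
// Added illustration: a hardened auto-linker. Not SharePoint's code; all names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for use in HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Candidate URLs: http(s):// followed by a run of non-whitespace characters.
const URL_CANDIDATE = /\bhttps?:\/\/\S+/gi;

// Parse a candidate; return a URL object only for http/https, otherwise null.
function parseHttpUrl(candidate) {
  try {
    const url = new URL(candidate);
    return url.protocol === 'http:' || url.protocol === 'https:' ? url : null;
  } catch {
    return null; // unparseable input is never turned into a link
  }
}

// Render a user-supplied field value (e.g. "Notes" or "Title") as HTML.
function autoLink(fieldValue) {
  let html = '';
  let last = 0;
  for (const match of fieldValue.matchAll(URL_CANDIDATE)) {
    const raw = match[0];
    const url = parseHttpUrl(raw);
    // Text between links is always encoded as element content.
    html += escapeHtml(fieldValue.slice(last, match.index));
    // The href uses the parsed, normalised URL and is attribute-encoded;
    // the visible link text is the raw input, encoded as element content.
    html += url
      ? `<a href="${escapeHtml(url.href)}" rel="noopener noreferrer">${escapeHtml(raw)}</a>`
      : escapeHtml(raw);
    last = match.index + raw.length;
  }
  return html + escapeHtml(fieldValue.slice(last));
}

// Constructed sample: a URL carrying double quotes, which must stay inside the href value.
const sample = 'see http://example.test/a"data-test="1 now';
console.log(autoLink(sample));
```

The check to carry into a review is that every quote character in the rendered output belongs to markup the renderer itself wrote, never to the field value.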