MS15-099 - SharePoint XSS

Recently, during a review of SharePoint, I came across a vulnerability discovered by the Fortinet team and published on their blog here: The post contained information on what a successful exploit would look like, but provided no final exploit for verification or testing. After a bit of review, I found the following PoC code which, when triggered, shows a simple alert dialog box:

http"http://"http://onmouseover=alert(...