MS sharepoint 2007 XSS vulnerability detection rule

vulnerability blog

http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

detection rule

alert tcp any any -> any $HTTP_PORT (msg:MS sharepoint 2007 XSS vulnerability; uricontent:”/|5f|layouts/help.aspx”; uricontent:”cid0″; uricontent:”script”; pcre:”/\x2f\x5flayouts\x2fhelp\x2easpx\x3f[^\r\n]+cid0[^\r\n]+script/i”;)

there is an exception that there is no javascript after “script”

this vulnerability just affect MS Sharepoint

Advertisements

About this entry