tag:blogger.com,1999:blog-8539880144347728238.post3734826843445599444..comments2024-01-24T04:15:08.086-05:00Comments on Carnal0wnage Blog: From LOW to PWNED [6] SharePointUnknownnoreply@blogger.comBlogger2125tag:blogger.com,1999:blog-8539880144347728238.post-85057421755180825942013-07-30T05:17:02.183-04:002013-07-30T05:17:02.183-04:00Your posts are always useful and to the point.
Tho...Your posts are always useful and to the point.<br />Those low vulns are fantastic when meet critical ones..... <br />for example if you find a stored XSS in SharePoint it's fun to perform privilege escalation via those exposed WebServices...<br />that's a tiny POC... <a href="https://github.com/marcotinari/POCs/blob/master/PrivilegeEscalationPOC_CSSplusUSEFULFILE.aspx" rel="nofollow">https://github.com/marcotinari/POCs/blob/master/PrivilegeEscalationPOC_CSSplusUSEFULFILE.aspx</a><br /><br />Thanks for your great blog!!marcotinarihttps://www.blogger.com/profile/00881665738515548856noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-84470947637898960062012-05-09T17:06:50.041-04:002012-05-09T17:06:50.041-04:00Great points on the repercussions of low vulns. I ...Great points on the repercussions of low vulns. I think most low vulns get overlooked unless it is explained in the bigger picture. Yes it's only enumeration, but look at what that can lead to... My personal favourites for "low" risk vulnerabilities are clickjacking and CSRF. For example: http://trotmaster.blogspot.com/2012/05/csrf-improving-basic-attack.htmltrotmasterhttps://www.blogger.com/profile/15518304176955617619noreply@blogger.com