Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This SharePoint vulnerability is one of the top routinely exploited vulnerabilities. An attacker must create custom exploit code and XML-serialized payload, which can be difficult to create. But a successful exploit can enable remote code execution (RCE), providing access to sensitive files and a pivot point to the internal network.
Kill Chain
Risk Score
71
Developers can create custom applications built on the Microsoft ASP.NET framework for their Microsoft SharePoint deployments. A vulnerable Active Server Pages Extended (ASPX) web page generated by ASP.NET, Picker.aspx, has hidden form fields that allow for user-supplied input. SharePoint has an XML-deserialization vulnerability where SharePoint fails to check serialized data sent to those form fields. Serialized data can be converted into different file formats, such as XML or Java. An attacker creates an HTTP POST request with malicious form data and payloads and sends the request to the target ASPX page. A specific combination of the serialized data and form parameters results in RCE. The code runs with privileges associated with the SharePoint application pool and the SharePoint server farm account.
