Thursday, 18 August 2011

Sharepoint ASPX ... it's open source

What Microsoft said about SharePoint 2007 Server page source security: http://support.microsoft.com/kb/976829

What did Microsoft forget about it?
SharePoint Team Services stores a variety of files in its backend database. These files include site templates, custom ASP.NET pages and documents that users of the application upload to the document libraries.

Insufficient validation of the input parameters of the download facility can result in the source code of ASP.NET files being disclosed. For example, the source code of the default ASP.NET page available after installing the product (http://server/Pages/Default.aspx) can be obtained by issuing the following request:

http://server/_layouts/download.aspx?SourceUrl=/Pages/Default.aspx&Source=http://server/Pages/Default.aspx&FldUrl=

In order to retrieve the source code of any file stored in the backend database (files whose path does not start with /_layouts/), it is sufficient to craft a request that follows this pattern:

http://server/_layouts/download.aspx?SourceUrl=&Source=&FldUrl=

ENJOY ;p
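
A log check for the request pattern above, as an added example that is not part of the original post: it scans IIS W3C log lines for calls to /_layouts/download.aspx whose SourceUrl names an ASP.NET file outside /_layouts/. The sample log lines, the extension list and the function name are constructed for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Extensions treated as ASP.NET source (assumption; extend for your farm).
SOURCE_EXTS = (".aspx", ".ascx", ".master", ".asmx", ".ashx")

# Constructed IIS W3C log sample (addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-08-18 10:01:02 GET /_layouts/download.aspx SourceUrl=/Pages/Default.aspx&Source=http://server/Pages/Default.aspx&FldUrl= 192.0.2.10 200
2011-08-18 10:02:10 GET /_layouts/download.aspx SourceUrl=%2FShared%20Documents%2Freport.docx&Source=http://server/&FldUrl= 192.0.2.11 200
2011-08-18 10:03:44 GET /Pages/Default.aspx - 192.0.2.12 200
2011-08-18 10:04:09 GET /_layouts/Download.aspx sourceurl=%2Fpages%2Fdefault.aspx&Source=&FldUrl= 192.0.2.13 200
"""

def find_source_downloads(log_lines):
    """Return (client_ip, SourceUrl, status) for each matching request."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        if not stem.endswith("/_layouts/download.aspx"):
            continue
        # parse_qs percent-decodes values; keys are lowercased because
        # ASP.NET reads query parameter names case-insensitively.
        raw = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        query = {k.lower(): v[0] for k, v in raw.items()}
        target = query.get("sourceurl", "")
        path = urlsplit(target).path.lower()
        # Flag ASP.NET files stored in the content database, i.e. paths
        # that do not start with /_layouts/.
        if path.endswith(SOURCE_EXTS) and not path.startswith("/_layouts/"):
            hits.append((row.get("c-ip", "-"), target, row.get("sc-status", "-")))
    return hits

if __name__ == "__main__":
    for ip, target, status in find_source_downloads(SAMPLE_LOG.splitlines()):
        print(f"{ip} requested source of {target} (HTTP {status})")
```

A 200 status on a flagged line means the file was served; compare the hits against the fix described in the Microsoft KB article linked above.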
