CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Malware Analysis, News and Indicators - Latest topics malware.news
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun to exploit and exfiltrate data (or do other nasty things) in real environments, but in the vulnerability research world, you typically find them, report them, and forget about them.
So why am …