tags: xxe, sharepoint
original link: CVE-2024-30043: Abusing URL Parsing Confusion To Exploit XXE On SharePoint Server And Cloud
newsletter link: exploits.club Weekly Newsletter 24
Exploits Club Summary:
Now we weren't originally planning to include this write-up, since as the post notes "in the vulnerability research world, you typically find [XXEs], report them, and forget about them." However, the post also notes, "this is one of the craziest XXEs that I have ever seen", and so we would be doing you a disservice not to bring it to your attention. The core issue stems from a prohibition check being performed after the parameter entities have already been processed, allowing for an out-of-band XXE. The post then goes into exploitation and a nice demo.
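The ordering bug described above, a DTD prohibition that fires only after parameter entities have been processed, is what a hardened parser must avoid. The following added example (not code from the ZDI post, SharePoint, or this newsletter) shows the defensive ordering with Python's stdlib expat parser: the document is rejected the moment a DOCTYPE appears, before any entity is declared or resolved, and parameter entity parsing is switched off outright. The sample documents and the `http://dtd-host.invalid/` system identifier are constructed placeholders.

```python
import xml.parsers.expat as expat


class DtdForbidden(Exception):
    """Raised as soon as a DOCTYPE is seen, before any entity is declared or resolved."""


def parse_without_dtd(xml_bytes: bytes) -> dict:
    """Parse untrusted XML, refusing DTDs up front rather than after entity processing.

    Returns the element tags and character data that were parsed, plus a count of
    external entity references expat tried to resolve (expected to stay at 0).
    """
    parser = expat.ParserCreate()

    # Never expand parameter entities, internal or external. Expanding them before
    # the prohibition check is exactly the ordering mistake the write-up describes.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    seen = {"tags": [], "text": [], "external_refs": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires on '<!DOCTYPE', ahead of the internal subset, so no entity
        # declaration inside it is ever processed.
        raise DtdForbidden(f"DOCTYPE '{name}' rejected before any entity processing")

    def on_external_ref(context, base, sysid, pubid):
        # Defence in depth: should never run because DOCTYPE is rejected first.
        seen["external_refs"] += 1
        return 0  # refuse the reference; expat reports a parse error

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda tag, attrs: seen["tags"].append(tag)
    parser.CharacterDataHandler = seen["text"].append  # may arrive in chunks

    parser.Parse(xml_bytes, True)
    return {
        "tags": seen["tags"],
        "text": "".join(seen["text"]),
        "external_refs": seen["external_refs"],
    }


def classify(xml_bytes: bytes) -> str:
    """Convenience wrapper for logging/detection: 'ok', 'rejected-dtd' or 'malformed'."""
    try:
        parse_without_dtd(xml_bytes)
        return "ok"
    except DtdForbidden:
        return "rejected-dtd"
    except expat.ExpatError:
        return "malformed"


# Constructed sample inputs (not taken from the original post).
BENIGN = b"<doc><item>hello</item></doc>"
WITH_PARAM_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE doc [<!ENTITY % remote SYSTEM "http://dtd-host.invalid/x.dtd"> %remote;]>'
    b"<doc>x</doc>"
)

if __name__ == "__main__":
    print("benign:", classify(BENIGN), parse_without_dtd(BENIGN))
    print("parameter entity:", classify(WITH_PARAM_ENTITY))
```

The point of the design is where the check sits: `StartDoctypeDeclHandler` runs before expat reads the internal subset, so the `%remote;` reference is never reached, and `XML_PARAM_ENTITY_PARSING_NEVER` closes the path even if the DOCTYPE check were removed. A parser whose "prohibit DTD" setting is only consulted after declarations have been processed offers no such guarantee.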