CVE-2021-28474: SHAREPOINT RCE VIA SERVER-SIDE CONTROL INTERPR | PT SWARM
CVE-2021-28474:SHAREPOINT RCE VIA SERVER-SIDE CONTROL INTERPRETATION CONFLICT by @thezdi
The vulnerability allows authenticated users to execute arbitrary .NET code on the server in the context of the service account of the SharePoint web application. By default, authenticated SharePoint users have all necessary permissions.
Contents: • The Vulnerability • Exploitation • Proof of Concept • Getting Remote Code Execution • Conclusion
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...