Web Vulnerability Scan on SharePoint 2013

Question

Hi,

    A security scan was conducted on our customer’s On-Premise SharePoint 2013 farm and the following vulnerabilities were found:

    1. Open redirection (DOM-based)

    <https>://<WWW>/WebResource.axd
    <https>://<MYSITE>/_layouts/15/init.js
    <https>://<MYSITE>/_layouts/15/mediaplayer.js
    <https>://<MYSITE>/personal/user1/_layouts/15/start.aspx
    <https>://<MYSITE>/WebResource.axd
    <https>://<MYSITE>/WebResource.axd
    <https>://<WWW>/_layouts/15/init.js
    <https>://<WWW>/WebResource.axd

    2. Link manipulation (DOM-based)

    <https>://<MYSITE>/_layouts/15/init.js
    <https>://<MYSITE>/_layouts/15/init.js
    <https>://<MYSITE>/personal/user1/_layouts/15/RssXslt.aspx
    <https>://<MYSITE>/personal/user1/_layouts/15/start.aspx
    <https>://<MYSITE>/personal/user1/_layouts/15/start.aspx
    <https>://<WWW>/_layouts/15/init.js

    Note

    <WWW> - Web Application hosting the Intranet application

    <MYSITE> - SharePoint My Site

    =========

    Is there any way to prove that the above findings do not expose any threat?

    I have the scan details but I am not able to attach the docs here. If you need more details please let me know.

    Greatly appreciate any feedback. Thank you.

    Thursday, March 31, 2016 2:59 AM
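Added example, not part of the original post and not SharePoint's own code: a "DOM-based open redirection" finding means the scanner observed client-side script take a value from the URL (query string or fragment) and hand it to something like location.href. One way to show such a finding is not exploitable is to demonstrate that the redirect target is validated as same-origin before navigation. The check below does that with the browser's own URL parsing rules (Node's WHATWG `URL`, identical to the browser's). The origin `intranet.example` and every sample candidate are constructed placeholders, and `resolveSameOriginTarget`, `safeRedirectTarget` and `triage` are names chosen for this illustration.

```javascript
// Added example (not from the original post or from SharePoint itself).
// Resolve a candidate redirect target against the page's own origin and
// accept it only if it stays on that origin over http(s); return null
// otherwise so the caller can fall back to a fixed location.
// "intranet.example" and all sample inputs below are constructed placeholders.

function resolveSameOriginTarget(candidate, pageOrigin) {
  if (typeof candidate !== 'string' || candidate.length === 0) return null;
  // Control characters and whitespace: the URL parser silently strips some of
  // them, so refuse the value rather than let stripping reshape the target.
  if (/[\u0000-\u001F\u007F\s]/.test(candidate)) return null;
  let resolved;
  try {
    resolved = new URL(candidate, pageOrigin); // WHATWG parsing, as in the browser
  } catch (e) {
    return null; // unparseable input is never a valid target
  }
  if (resolved.protocol !== 'http:' && resolved.protocol !== 'https:') return null;
  if (resolved.username !== '' || resolved.password !== '') return null;
  // A single origin comparison covers scheme-relative (//host) and backslash
  // forms, alternate ports, and absolute URLs to other hosts.
  if (resolved.origin !== new URL(pageOrigin).origin) return null;
  return resolved.pathname + resolved.search + resolved.hash;
}

// What the page should actually navigate to: the validated same-origin
// path, or the fixed fallback when validation fails.
function safeRedirectTarget(candidate, pageOrigin, fallback) {
  const target = resolveSameOriginTarget(candidate, pageOrigin);
  return target === null ? fallback : target;
}

// Triage helper: run the values a scanner reports for a redirect parameter
// through the validator and record which ones would have been accepted.
function triage(candidates, pageOrigin) {
  return candidates.map((c) => ({
    candidate: c,
    accepted: resolveSameOriginTarget(c, pageOrigin) !== null,
  }));
}

// Constructed sample inputs in the shape a scanner reports for a
// ReturnUrl/Source-style parameter; none of them come from the post.
const PAGE_ORIGIN = 'https://intranet.example';
const SAMPLE_CANDIDATES = [
  '/_layouts/15/start.aspx#/SitePages/Home.aspx', // same-origin path: accepted
  'https://intranet.example/personal/user1/',      // absolute, same origin: accepted
  '//other.example/landing',                       // scheme-relative, other host: rejected
  'https://intranet.example:8443/x',               // same host, other port: rejected
  'javascript:void(0)',                            // non-http(s) scheme: rejected
  'https://user@intranet.example/',                // embedded credentials: rejected
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of triage(SAMPLE_CANDIDATES, PAGE_ORIGIN)) {
    console.log(`${row.accepted ? 'ACCEPT' : 'REJECT'}  ${row.candidate}`);
  }
}
```

Run it with `node` to see which constructed candidates pass. To apply the same reasoning to the scan, take the exact parameter and script location each finding names, confirm what the script does with that value before navigating, and keep the scanner's request and response as the evidence either way; a finding is only shown to be a non-issue when the value demonstrably cannot leave the site's origin.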
