SharePoint 2013 Public WebSite中的安全漏洞 [英] Security Vulnerability in SharePoint 2013 Public WebSite
问题描述
我们在SharePoint 2013公共门户网站上运行了IBM Security AppScan Standard 9.0.3.7 iFix004规则:12676,并发现了以下漏洞。 MicroSoft是否针对报告的漏洞发布了任何补丁。我们对这些参数没有太多控制权,因为产品本身正在呈现
。对此有任何建议都非常值得赞赏。
We ran IBM Security AppScan Standard 9.0.3.7 iFix004, Rules: 12676 on SharePoint 2013 public portal and found below vulnerability. Does MicroSoft released any patches for the vulnerability reported. We don't have much control on these parameters as they are being rendered by the product itself. Any suggestion for these is highly appreciable.
操作系统: Windows Server 2008 R2
Web服务器: IIS 7.5
应用程序服务器: SharePoint Server 2013企业版Service Pack 1(良好的Service Pack)
跨站点脚本
严重性: 高
CVSS分数: 7.5
实体: MSOWebPartPage_Shared (参数), wpcmVal (参数)
Severity: High
CVSS Score: 7.5
Entity: MSOWebPartPage_Shared (Parameter), wpcmVal (Parameter)
<input type="hidden" name="MSOWebPartPage_Shared" id="MSOWebPartPage_Shared" value="" />
< input type =" hidden " name =" wpcmVal " id =" wpcmVal " value ="" />
<input type="hidden" name="wpcmVal" id="wpcmVal" value="" />
风险:可能会窃取或操纵客户会话和Cookie,这可能是用于冒充合法用户,允许黑客查看或更改用户记录,以及执行该用户的交易
原因:用户输入未正确执行危险字符的卫生
推理说明:测试成功将脚本嵌入到响应中,作为现有JavaScript内容的一部分。执行原始脚本时,也会执行注入的脚本。这意味着该应用程序容易受到跨站点
脚本攻击的攻击。
Risk: It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
Causes: Sanitation of hazardous characters was not performed correctly on user input
Reasoning explanation: The test successfully embedded a script in the response as part of an existing JavaScript content. When the original script is executed, the injected script will be executed as well. This means that the application is vulnerable to Cross-Site
Scripting attacks.
谢谢!
Deepak Semwal
Deepak Semwal
回答您关于technet的问题。
Answer to your Question on technet.
推荐答案
您的SharePoint公共网站是否受到SSL证书的保护和保护?如果是,则无法对操纵会话和cookie进行风险评估。
Its your SharePoint public site has been well guarded and protected by SSL certificates ? If yes, Your Risk assessment on manipulating the session and cookies will not be possible.
如果您启用了"匿名",则用户上下文也不会出现。访问此网站,因此网站中不会出现冒充情况。
And also user context won't be there if you enabled the "anonymous" access on this site, so impersonating situation won't arise in the site.
您是否在公共网站上公开了一些用户记录?那不应该。可能是您可能已在公共网站上嵌入列表或文档库Web部件,因此在您的公共站点上进行安全修整。如果是,请从页面中删除
列表视图webpart。
Are you exposing some user records on the public site ? then It shouldn't be . May be you might have embed the List or document library web part on the Public website and consequently Security trimming happening on your public site. If yes please remove the List view webpart from the page.
此外,我怀疑将脚本注入页面的测试场景,测试人员可能已执行此测试作为经过身份验证的用户的活动,这就是网站响应和执行脚本的原因。
And also, I am suspecting the testing scenario for injecting the script into the page, tester might have perform this testing activities as authenticated user, thats why site responding and executing the script.
这篇关于SharePoint 2013 Public WebSite中的安全漏洞的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
