Back to directory
WRITEUP #763

[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)

RCEAuthentication bypassJWTCode injectionSecurity code review
by@testanull(Nguyễn Tiến Giang)
Program
Microsoft (Sharepoint)
Published
Sep 25, 2023
Added to HackDex
Oct 3, 2023
Read Full Writeuphttps://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/
RELATED WRITEUPS
Spip Preauth RCE 2024: Part 1, The Feather
RCECode injection
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle
RCESecurity code review

Built with ❤️ by Shubham Rawat