nuclei-templates/cves/2020/CVE-2020-16952.yaml

38 lines
1.3 KiB
YAML
Raw Normal View History

2021-01-02 04:56:15 +00:00
id: CVE-2020-16952
2020-10-14 08:49:48 +00:00
info:
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
2020-10-14 08:49:48 +00:00
author: dwisiswant0
severity: critical
reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
tags: cve,cve2020,sharepoint,iis
2020-10-14 08:49:48 +00:00
# This template supports the detection part only. See references[2].
# References:
# - [1] Patch: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
# - [2] https://srcincite.io/pocs/cve-2020-16952.py.txt
# - [3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
# - [4] https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
2020-10-14 08:49:48 +00:00
requests:
- method: GET
2020-10-14 08:49:48 +00:00
path:
2021-01-13 07:31:46 +00:00
- "{{BaseURL}}"
2020-10-14 08:49:48 +00:00
matchers-condition: and
matchers:
- type: regex
regex:
2020-10-15 11:21:25 +00:00
- "15\\.0\\.0\\.(4571|5275|4351|5056)"
- "16\\.0\\.0\\.(10337|10364|10366)"
# - "16.0.10364.20001"
condition: or
part: body
2020-10-14 08:49:48 +00:00
- type: word
words:
- "MicrosoftSharePointTeamServices"
part: header
2020-10-14 08:49:48 +00:00
- type: status
status:
- 200
- 201
condition: or