35 lines
1.0 KiB
YAML
35 lines
1.0 KiB
YAML
|
id: CVE-2020-1147
|
||
|
|
||
|
info:
|
||
|
name: RCE at SharePoint Server (.NET Framework & Visual Studio) detection
|
||
|
author: dwisiswant0
|
||
|
severity: critical
|
||
|
|
||
|
# Ref:
|
||
|
# - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
|
||
|
# - https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}/_layouts/15/listform.aspx?PageType=1&ListId=%7B13371337-1337-1337-1337-133713371337%7D"
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- "List does not exist"
|
||
|
- "It may have been deleted by another user"
|
||
|
part: body
|
||
|
condition: and
|
||
|
- type: word
|
||
|
words:
|
||
|
- "Microsoft-IIS"
|
||
|
- "X-SharePointHealthScore"
|
||
|
- "SharePointError"
|
||
|
- "SPRequestGuid"
|
||
|
- "MicrosoftSharePointTeamServices"
|
||
|
condition: or
|
||
|
part: header
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|