nuclei-templates/cves/2020/CVE-2020-16952.yaml

id: CVE-2020-16952

info:
  name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
  author: dwisiswant0
  severity: critical
  description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
  reference: |
    - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
    - https://srcincite.io/pocs/cve-2020-16952.py.txt
    - https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
  tags: cve,cve2020,sharepoint,iis

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "15\\.0\\.0\\.(4571|5275|4351|5056)"
          - "16\\.0\\.0\\.(10337|10364|10366)"
          # - "16.0.10364.20001"
        condition: or
        part: body
      - type: word
        words:
          - "MicrosoftSharePointTeamServices"
        part: header
      - type: status
        status:
          - 200
          - 201
        condition: or
misc changes 2021-01-02 04:56:15 +00:00			`id: CVE-2020-16952`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00
			`info:`
:fire: Update methods & matchers for CVE-2020-16952 2020-10-15 10:27:52 +00:00			`name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00			`author: dwisiswant0`
			`severity: critical`
Add references, and put a description 2021-03-11 15:06:39 +00:00			`description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.`
linting updates 2021-03-12 07:10:16 +00:00			`reference: \|`
Add references, and put a description 2021-03-11 15:06:39 +00:00			`- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952`
			`- https://srcincite.io/pocs/cve-2020-16952.py.txt`
			`- https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2020,sharepoint,iis`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00
			`requests:`
:fire: Update methods & matchers for CVE-2020-16952 2020-10-15 10:27:52 +00:00			`- method: GET`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00			`path:`
Preparing for request clustering 2021-01-13 07:31:46 +00:00			`- "{{BaseURL}}"`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00			`matchers-condition: and`
			`matchers:`
:fire: Update methods & matchers for CVE-2020-16952 2020-10-15 10:27:52 +00:00			`- type: regex`
			`regex:`
:pencil2: Escaping dots in patterns 2020-10-15 11:21:25 +00:00			`- "15\\.0\\.0\\.(4571\|5275\|4351\|5056)"`
			`- "16\\.0\\.0\\.(10337\|10364\|10366)"`
:fire: Update methods & matchers for CVE-2020-16952 2020-10-15 10:27:52 +00:00			`# - "16.0.10364.20001"`
			`condition: or`
			`part: body`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00			`- type: word`
			`words:`
:fire: Update methods & matchers for CVE-2020-16952 2020-10-15 10:27:52 +00:00			`- "MicrosoftSharePointTeamServices"`
			`part: header`
:fire: Add CVE-2020-16952 2020-10-14 08:49:48 +00:00			`- type: status`
			`status:`
:fire: Update methods & matchers for CVE-2020-16952 2020-10-15 10:27:52 +00:00			`- 200`
			`- 201`
			`condition: or`