🔥 Add CVE-2020-1147

patch-1
Dwi Siswanto 2020-07-21 03:12:42 +07:00
parent 9f3dfb639a
commit 1a836fc482
1 changed files with 35 additions and 0 deletions

35
cves/CVE-2020-1147.yaml Normal file
View File

@ -0,0 +1,35 @@
id: CVE-2020-1147
info:
name: RCE at SharePoint Server (.NET Framework & Visual Studio) detection
author: dwisiswant0
severity: critical
# Ref:
# - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
# - https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
requests:
- method: GET
path:
- "{{BaseURL}}/_layouts/15/listform.aspx?PageType=1&ListId=%7B13371337-1337-1337-1337-133713371337%7D"
matchers-condition: and
matchers:
- type: word
words:
- "List does not exist"
- "It may have been deleted by another user"
part: body
condition: and
- type: word
words:
- "Microsoft-IIS"
- "X-SharePointHealthScore"
- "SharePointError"
- "SPRequestGuid"
- "MicrosoftSharePointTeamServices"
condition: or
part: header
- type: status
status:
- 200