🔥 Update methods & matchers for CVE-2020-16952
parent
a154e9ea7d
commit
31c8d723c1
|
@ -1,7 +1,7 @@
|
|||
id: cve-2020-16952
|
||||
|
||||
info:
|
||||
name: Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include RCE
|
||||
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
|
||||
|
@ -10,18 +10,27 @@ info:
|
|||
# - [1] Patch: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
|
||||
# - [2] https://srcincite.io/pocs/cve-2020-16952.py.txt
|
||||
# - [3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
|
||||
# - [4] https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
|
||||
|
||||
requests:
|
||||
- method: PUT
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/poc.aspx"
|
||||
body: "<asp:Literal runat=\"server\" Text=\"<%$SPTokens:{ProductNumber}%>\" />"
|
||||
- "{{BaseURL}}/"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "15.0.0.(4571|5275|4351|5056)"
|
||||
- "16.0.0.(10337|10364|10366)"
|
||||
# - "16.0.10364.20001"
|
||||
condition: or
|
||||
part: body
|
||||
- type: word
|
||||
words:
|
||||
- "16.0.10364.20001"
|
||||
part: body
|
||||
- "MicrosoftSharePointTeamServices"
|
||||
part: header
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 201
|
||||
condition: or
|
Loading…
Reference in New Issue