🔥 Update methods & matchers for CVE-2020-16952

patch-1
Dwi Siswanto 2020-10-15 17:27:52 +07:00
parent a154e9ea7d
commit 31c8d723c1
1 changed files with 16 additions and 7 deletions

View File

@ -1,7 +1,7 @@
id: cve-2020-16952
info:
name: Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include RCE
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
author: dwisiswant0
severity: critical
@ -10,18 +10,27 @@ info:
# - [1] Patch: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
# - [2] https://srcincite.io/pocs/cve-2020-16952.py.txt
# - [3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
# - [4] https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
requests:
- method: PUT
- method: GET
path:
- "{{BaseURL}}/poc.aspx"
body: "<asp:Literal runat=\"server\" Text=\"<%$SPTokens:{ProductNumber}%>\" />"
- "{{BaseURL}}/"
matchers-condition: and
matchers:
- type: regex
regex:
- "15.0.0.(4571|5275|4351|5056)"
- "16.0.0.(10337|10364|10366)"
# - "16.0.10364.20001"
condition: or
part: body
- type: word
words:
- "16.0.10364.20001"
part: body
- "MicrosoftSharePointTeamServices"
part: header
- type: status
status:
- 200
- 201
condition: or