41 lines
1.4 KiB
YAML
41 lines
1.4 KiB
YAML
id: CVE-2020-16952
|
|
|
|
info:
|
|
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
|
|
author: dwisiswant0
|
|
severity: high
|
|
description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
|
|
reference:
|
|
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
|
|
- https://srcincite.io/pocs/cve-2020-16952.py.txt
|
|
- https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
|
|
tags: cve,cve2020,sharepoint,iis,microsoft
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
|
cvss-score: 7.80
|
|
cve-id: CVE-2020-16952
|
|
cwe-id: CWE-346
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "15\\.0\\.0\\.(4571|5275|4351|5056)"
|
|
- "16\\.0\\.0\\.(10337|10364|10366)"
|
|
# - "16.0.10364.20001"
|
|
condition: or
|
|
part: body
|
|
- type: word
|
|
words:
|
|
- "MicrosoftSharePointTeamServices"
|
|
part: header
|
|
- type: status
|
|
status:
|
|
- 200
|
|
- 201
|
|
condition: or
|