nuclei-templates/cves/2020/CVE-2020-16952.yaml

38 lines
1.3 KiB
YAML

id: CVE-2020-16952
info:
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
author: dwisiswant0
severity: critical
reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
tags: cve,cve2020,sharepoint,iis
# This template supports the detection part only. See references[2].
# References:
# - [1] Patch: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
# - [2] https://srcincite.io/pocs/cve-2020-16952.py.txt
# - [3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
# - [4] https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
regex:
- "15\\.0\\.0\\.(4571|5275|4351|5056)"
- "16\\.0\\.0\\.(10337|10364|10366)"
# - "16.0.10364.20001"
condition: or
part: body
- type: word
words:
- "MicrosoftSharePointTeamServices"
part: header
- type: status
status:
- 200
- 201
condition: or