nuclei-templates/cves/2020/CVE-2020-16952.yaml

41 lines
1.4 KiB
YAML

id: CVE-2020-16952
info:
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
author: dwisiswant0
severity: high
description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
reference:
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
- https://srcincite.io/pocs/cve-2020-16952.py.txt
- https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
tags: cve,cve2020,sharepoint,iis,microsoft
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 7.80
cve-id: CVE-2020-16952
cwe-id: CWE-346
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
regex:
- "15\\.0\\.0\\.(4571|5275|4351|5056)"
- "16\\.0\\.0\\.(10337|10364|10366)"
# - "16.0.10364.20001"
condition: or
part: body
- type: word
words:
- "MicrosoftSharePointTeamServices"
part: header
- type: status
status:
- 200
- 201
condition: or