nuclei-templates/cves/2020/CVE-2020-1147.yaml

35 lines
1.0 KiB
YAML

id: CVE-2020-1147
info:
name: RCE at SharePoint Server (.NET Framework & Visual Studio) detection
author: dwisiswant0
severity: critical
# Ref:
# - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
# - https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
requests:
- method: GET
path:
- "{{BaseURL}}/_layouts/15/listform.aspx?PageType=1&ListId=%7B13371337-1337-1337-1337-133713371337%7D"
matchers-condition: and
matchers:
- type: word
words:
- "List does not exist"
- "It may have been deleted by another user"
part: body
condition: and
- type: word
words:
- "Microsoft-IIS"
- "X-SharePointHealthScore"
- "SharePointError"
- "SPRequestGuid"
- "MicrosoftSharePointTeamServices"
condition: or
part: header
- type: status
status:
- 200