Sharepoint List - Detect

ID: exposed-sharepoint-list

Severity: medium

Author: ELSFA7110

Tags: hackerone,config,exposure,sharepoint

Description

Sharepoint list was detected because of improper configuration. An anonymous user can access SharePoint Web Services.

YAML Source

id: exposed-sharepoint-list

info:
  name: Sharepoint List - Detect
  author: ELSFA7110
  severity: medium
  description: Sharepoint list was detected because of improper configuration. An anonymous user can access SharePoint Web Services.
  reference:
    - https://hackerone.com/reports/761158
    - https://hackerone.com/reports/300539
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: hackerone,config,exposure,sharepoint

http:
  - method: GET
    path:
      - "{{BaseURL}}/_vti_bin/lists.asmx?WSDL"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "GetListResponse"
          - "GetList"
        part: body
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f2932f92d59beb64bbf80560c78c457239a540da0970dc3714cfcb9633c3cd870220479822a8b26f14eb7d942e6a9e833148d4d7b727d8221b5ac7b03524cfc129bb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/configs/exposed-sharepoint-list.yaml"

View on Github