sharepoint-layouts-disclosure: Microsoft SharePoint - Layouts Disclosure

Date: 2025-12-02 | Affected software: Microsoft SharePoint | PoC: Public

Vulnerability Description

Detected exposed SharePoint Layouts endpoints.

PoC Code [Public]

id: sharepoint-layouts-disclosure

info:
  name: Microsoft SharePoint - Layouts Disclosure
  author: DhiyaneshDk
  severity: low
  description: |
    Detected exposed SharePoint Layouts endpoints.
  reference:
    - https://sharepointstuff.com/2021/03/30/useful-sharepoint-urls/
  metadata:
    max-request: 2
    verified: true
    shodan-query: http.title:"SharePoint"
    fofa-query: title="SharePoint"
  tags: sharepoint,microsoft,exposure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/_layouts/15/viewlsts.aspx"
      - "{{BaseURL}}/_layouts/viewlsts.aspx"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Site Contents","Libraries") || contains_all(body, "All Site Content","accessible mode")'
        condition: and
# digest: 4b0a00483046022100f0d6352564de6d15fe75771357e0dd92c9db521edf0cfd3c3abc6168c0c55559022100a8fa2a7aa3d981b84b444724c969906f648e03200b278e1384f1007d3e8bd210:922c64590222798bb761d5b6d8e72950
