Vulnerability Description
Detected exposed SharePoint Master Page endpoints.
id: sharepoint-masterpage-disclosure

info:
  name: Microsoft SharePoint - Master Page Disclosure
  author: DhiyaneshDk
  severity: low
  description: |
    Detected exposed SharePoint Master Page endpoints.
  reference:
    - https://sharepointstuff.com/2021/03/30/useful-sharepoint-urls/
  metadata:
    max-request: 2
    verified: true
    shodan-query: http.title:"SharePoint"
    fofa-query: title="SharePoint"
  tags: sharepoint,microsoft,exposure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/_catalogs/masterpage/Forms/AllItems.aspx"
      - "{{BaseURL}}/_catalogs/15/masterpage/Forms/AllItems.aspx"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "Master Page Gallery", "Recycle")
        condition: and
# digest: 490a0046304402203657ee34bc9b960fb78fdebe6de0781075669ea74ae5cebed712fbfdc6a2a005022003d10e0d95f2344ee98e75525f81a7794b9c5a32658c48b705c223f7abf1b594:922c64590222798bb761d5b6d8e72950
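
Added example (not part of the original template or of the nuclei project): a defender-side check for the same exposure in IIS W3C logs. It reports requests that IIS logged as unauthenticated (cs-username of "-") and that received HTTP 200 for either gallery path from the template. The log lines, the field selection and the function name are constructed for illustration.

```python
"""Flag anonymous HTTP 200 responses for the Master Page Gallery in IIS W3C logs."""

# The two paths requested by the template, lower-cased (IIS paths are case-insensitive).
GALLERY_PATHS = (
    "/_catalogs/masterpage/forms/allitems.aspx",
    "/_catalogs/15/masterpage/forms/allitems.aspx",
)

# Constructed sample log (not real traffic); field order comes from the #Fields line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-05-01 10:00:01 GET /_catalogs/masterpage/Forms/AllItems.aspx - 203.0.113.7 200
2024-05-01 10:00:02 GET /_catalogs/15/masterpage/Forms/AllItems.aspx - 203.0.113.7 401
2024-05-01 10:05:10 GET /_catalogs/masterpage/Forms/AllItems.aspx CONTOSO\\alice 10.0.0.5 200
2024-05-01 10:06:00 GET /sites/hr/_catalogs/15/masterpage/forms/allitems.aspx - 198.51.100.9 200
2024-05-01 10:07:00 GET /SitePages/Home.aspx - 198.51.100.9 200
"""


def find_anonymous_gallery_hits(log_text):
    """Return (date, time, client_ip, uri) for anonymous 200s on the gallery pages."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # a log can redefine its fields mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        uri = rec.get("cs-uri-stem", "")
        # IIS writes "-" as cs-username when the request carried no authenticated user.
        anonymous = rec.get("cs-username") == "-"
        # endswith() also covers the gallery of a subsite such as /sites/hr/.
        if (rec.get("sc-status") == "200" and anonymous
                and uri.lower().endswith(GALLERY_PATHS)):
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"), uri))
    return hits


if __name__ == "__main__":
    for hit in find_anonymous_gallery_hits(SAMPLE_LOG):
        print(*hit)
```

The check needs cs-username and sc-status to be enabled in the site's W3C logging fields; without cs-username it reports nothing.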