sql-server-reportviewer: SQL Server ReportViewer - Exposure

Date: 2025-08-01 | Affected software: SQL Server ReportViewer | PoC: public

Vulnerability description

SQL Server ReportViewer page exposed.

PoC code [public]

id: sql-server-reportviewer

info:
  name: SQL Server ReportViewer - Exposure
  author: kazet
  severity: high
  description: SQL Server ReportViewer page exposed.
  reference:
    - https://learn.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports?view=sql-server-ver16
  classification:
    cpe: cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: microsoft
    product: sql_server
    google-query: inurl:"/Reports/Pages/Folder.aspx"
  tags: misconfig,sql,report,exposure,vuln

http:
  - raw:
      - |
        GET /Reports/Pages/Folder.aspx HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /ReportServer/Pages/Folder.aspx HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200 && status_code_2 != 401"
          - "contains(body, 'Data Source') && contains(body, 'SQL Server Reporting Services')"
        condition: and
# digest: 4a0a00473045022068fbab3c4015eb549ff93a495a2dd475f2687b4298e6a32c04e7b4f595cd02a60221008f867764f22a3b45ebbe1f08b19e87d9153750f09aa12becd93086298c55187d:922c64590222798bb761d5b6d8e72950
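
As an added self-check, not part of the published template above, the following Python reproduces the template's two requests and its two DSL matchers joined with `condition: and`, so an administrator can confirm whether their own Reporting Services folder page answers without authentication. The `Response`, `fetch`, `matches` and `check_host` names are this example's own, and it assumes that the un-suffixed `body` in the DSL resolves to the last (second) response.

```python
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

# The two paths requested by the template, in order.
PATHS = ("/Reports/Pages/Folder.aspx", "/ReportServer/Pages/Folder.aspx")


@dataclass
class Response:
    """Minimal view of an HTTP response: what the DSL matchers look at."""
    status_code: int
    body: str


def fetch(base_url: str, path: str, timeout: float = 10.0) -> Response:
    """GET base_url + path; HTTP error statuses (e.g. 401) are returned, not raised."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return Response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return Response(err.code, err.read().decode("utf-8", "replace"))


def matches(resp1: Response, resp2: Response) -> bool:
    """Evaluate the template's matchers against the two responses.

    matcher 1: status_code_1 == 200 && status_code_2 != 401
    matcher 2: contains(body, 'Data Source') && contains(body, 'SQL Server Reporting Services')
    condition: and  ->  both must hold.
    Assumption of this example: un-suffixed `body` is the second response's body.
    """
    m1 = resp1.status_code == 200 and resp2.status_code != 401
    m2 = "Data Source" in resp2.body and "SQL Server Reporting Services" in resp2.body
    return m1 and m2


def check_host(base_url: str) -> bool:
    """True when the host would trigger the template, i.e. the folder page is exposed."""
    r1, r2 = (fetch(base_url, p) for p in PATHS)
    return matches(r1, r2)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: ssrs_selfcheck.py https://your-report-server")
    print("EXPOSED" if check_host(sys.argv[1]) else "not matched")
```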
