Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Exposed sharepoint list

By kannthu

Low
Vidoc logoVidoc Module
#hackerone#config#exposure#sharepoint
Description

What is the "Exposed sharepoint list?" module?

The "Exposed sharepoint list" module is a test case designed to detect misconfigurations in SharePoint lists. It targets SharePoint software and aims to identify instances where the list is exposed to unauthorized access. The severity of this module is classified as low.

This module was authored by ELSFA7110.

Impact

If the "Exposed sharepoint list" module detects a misconfigured SharePoint list, it indicates that sensitive information stored in the list may be accessible to unauthorized individuals. This can lead to potential data breaches and compromise the confidentiality of the data.

How does the module work?

The "Exposed sharepoint list" module works by sending an HTTP GET request to the "/_vti_bin/lists.asmx?WSDL" endpoint of the SharePoint server. It then applies matching conditions to determine if the response indicates the presence of a misconfigured list.

The matching conditions used by this module are:

- The response body must contain the words "GetListResponse" and "GetList". - The HTTP response status code must be 200.

If both conditions are met, the module flags the SharePoint list as potentially exposed.

Example HTTP request:

GET /_vti_bin/lists.asmx?WSDL

It is important to note that this module only performs a single test case and does not perform any further actions beyond reporting the vulnerability.

For more information, you can refer to the following references:

- https://hackerone.com/reports/761158 - https://hackerone.com/reports/300539

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/_vti_bin/lists.asmx...
Matching conditions
word: GetListResponse, GetListand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability