hackerone | Miguel_santareno | H1:761158
Dec 18, 2019 - 5:46 p.m.

MTN Group: SharePoint exposed web services in a subdomain

2019-12-18 17:46:39
miguel_santareno
hackerone.com

Hi there,
I found a subdomain whose SharePoint configuration is poorly implemented.
Because of improper configuration, an anonymous user can access the SharePoint Web Services.

POC:
Go to the following URL:
https://www.mtn.co.za/_vti_bin/lists.asmx?WSDL

services.jpg

Remediation
Restrict access to this page.

References:
https://www.acunetix.com/vulnerabilities/web/vulnerability/sharepoint-exposed-web-services/
https://blogs.msdn.microsoft.com/fabdulwahab/2015/08/15/security-protecting-sharepoint-server-applications/

Best regards, Miguel Santareno

Impact

Attackers can know the full structure of the application.
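
To confirm that the remediation in the report has taken effect, an administrator can check how their own site answers an unauthenticated request for the WSDL. The following is an added example, not part of the original report; the function names, result labels and sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

WSDL_ROOT = "{http://schemas.xmlsoap.org/wsdl/}definitions"
PATH = "/_vti_bin/lists.asmx?WSDL"  # the endpoint named in the report
MAX_BODY = 1_000_000                # refuse to parse anything larger


def is_wsdl(body: bytes) -> bool:
    """True if body is an XML document whose root element is wsdl:definitions."""
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body:  # no DTDs, no entity tricks
        return False
    try:
        return ET.fromstring(body).tag == WSDL_ROOT
    except ET.ParseError:
        return False


def classify(status: int, body: bytes) -> str:
    """Classify an unauthenticated response to PATH (labels are hypothetical)."""
    if status in (401, 403):
        return "restricted"      # authentication or authorization enforced
    if status in (301, 302, 303, 307, 308):
        return "redirect"        # follow it and classify the final response
    if status == 200 and is_wsdl(body):
        return "exposed"         # service description served anonymously
    return "no-wsdl"             # 404, error page, or a 200 login form


def probe(base_url: str) -> str:
    """Fetch PATH without credentials from a host you administer and classify it."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + PATH, timeout=10) as r:
            return classify(r.status, r.read(MAX_BODY + 1))
    except urllib.error.HTTPError as e:
        return classify(e.code, b"")


# Constructed sample responses (not captured from any real host).
SAMPLE_WSDL = (b'<?xml version="1.0" encoding="utf-8"?>'
               b'<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
               b' targetNamespace="http://schemas.microsoft.com/sharepoint/soap/"/>')
SAMPLE_LOGIN = b"<html><body><form action='/login'>Sign in</form></body></html>"

if __name__ == "__main__":
    for status, body in [(200, SAMPLE_WSDL), (401, b""), (200, SAMPLE_LOGIN)]:
        print(status, classify(status, body))
```

After access is restricted, `probe` should return `restricted` or `no-wsdl` rather than `exposed`; checking the parsed root element instead of the status code alone avoids flagging a 200 login page as an exposure.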