Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneBalisongH1:807915
HistoryMar 01, 2020 - 2:24 a.m.

U.S. Dept Of Defense: SharePoint Web Services Exposed to Anonymous Access Users

2020-03-0102:24:56
balisong
hackerone.com
25
JSON

Summary:
Any unauthenticated/anonymous users are able to access the SharePoint Web Services (.wsdl files) for the █████ Initiative website.

Description:
The SharePoint installation for this particular site allows any user to access the spdisco.aspx on the web server which discloses the location of of all SharePoint’s web service endpoints. The URL is: https://█████/██████/_vti_bin/spdisco.aspx

Impact

An adversary may utilize the exposed information about the web services to mount specific attacks against this SharePoint site. It may allow the attacker to communicate with the web service to further identify potential weaknesses and further compromise the system.

Step-by-step Reproduction Instructions

  1. Navigate to https://███████/██████████/_vti_bin/spdisco.aspx

Product, Version, and Configuration (If applicable)

Suggested Mitigation/Remediation Actions

Disable anonymous access to spdisco.aspx

Impact

An adversary may utilize the exposed information about the web services to mount specific attacks against this SharePoint site. It may allow the attacker to communicate with the web service to further identify potential weaknesses and further compromise the system.

JSON