id: CVE-2020-16952
info:
  name: Microsoft SharePoint RCE
  risk: Critical

params:
  - root: '{{.BaseURL}}'

requests: 
  - method: GET
    url: >-
      {{.root}}/
    headers:
      - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36
    detections:
      - >-
        (StatusCode() == 200 || StatusCode() == 201) && StringSearch("resHeaders", "MicrosoftSharePointTeamServices") && (RegexSearch("resBody", "15\\.0\\.0\\.(4571|5275|4351|5056)") || RegexSearch("resBody", "16\\.0\\.0\\.(10337|10364|10366)"))

references:
  - https://www.cvebase.com/cve/2020/16952