MTN Group: SharePoint exposed web services in a subdomain
Discription
Hi there
I found a subdomain that is sharepoint configuration is poorly implemented
Because of improper configuration an anonymous user can access to the SharePoint Web Services.
POC:
Go to the following url:
https://www.mtn.co.za/_vti_bin/lists.asmx?WSDL
services.jpg
Remediation
Restrict access to this page.
References:
https://www.acunetix.com/vulnerabilities/web/vulnerability/sharepoint-exposed-web-services/
https://blogs.msdn.microsoft.com/fabdulwahab/2015/08/15/security-protecting-sharepoint-server-applications/
Best Regards Miguel Santareno
## Impact
Attackers can know the full structure off the application.Read More
References
Back to Main