API Security Blog

MTN Group: SharePoint exposed web services in a subdomain

Hi there
I found a subdomain whose SharePoint configuration is poorly implemented.
Because of improper configuration, an anonymous user can access the SharePoint Web Services.

POC:
Go to the following url:
https://www.mtn.co.za/_vti_bin/lists.asmx?WSDL


Remediation
Restrict access to this page.

References:
https://www.acunetix.com/vulnerabilities/web/vulnerability/sharepoint-exposed-web-services/
https://blogs.msdn.microsoft.com/fabdulwahab/2015/08/15/security-protecting-sharepoint-server-applications/

Best Regards Miguel Santareno

## Impact

Attackers can know the full structure of the application.
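One way to audit for the exposure described in this report is to search the web server's logs for unauthenticated requests to `_vti_bin/*.asmx` that were served successfully. The following is an added example, not part of the original report; the log lines are constructed, and the IIS W3C field layout and the function name `anonymous_vti_bin_hits` are assumptions.

```python
import re

# Constructed IIS W3C log sample (not from the report); field layout is an assumption.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-01-10 08:00:01 GET /_vti_bin/lists.asmx WSDL - 203.0.113.7 200
2024-01-10 08:00:05 GET /_vti_bin/lists.asmx WSDL CORP\\alice 10.0.0.12 200
2024-01-10 08:00:09 POST /_vti_bin/UserGroup.asmx - - 203.0.113.7 401
2024-01-10 08:00:12 GET /Pages/default.aspx - - 198.51.100.4 200
2024-01-10 08:00:20 GET /sites/hr/_vti_bin/Webs.asmx - - 203.0.113.7 200
"""

# SharePoint SOAP endpoints live under any site's _vti_bin virtual directory.
VTI_BIN_ASMX = re.compile(r"/_vti_bin/[^/]+\.asmx$", re.IGNORECASE)

def anonymous_vti_bin_hits(log_text):
    """Return log records where an unauthenticated request to a
    _vti_bin/*.asmx endpoint was served successfully (2xx)."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # header may reappear mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                        # skip malformed or truncated lines
        rec = dict(zip(fields, values))
        if (VTI_BIN_ASMX.search(rec.get("cs-uri-stem", ""))
                and rec.get("cs-username") == "-"     # "-" means no authenticated user
                and rec.get("sc-status", "").startswith("2")):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in anonymous_vti_bin_hits(SAMPLE_LOG):
        print(r["date"], r["time"], r["c-ip"], r["cs-uri-stem"], r["sc-status"])
```

Once access is restricted as the remediation recommends, the same requests should log a 401 or 403 status and no longer appear in the result.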
