Related vulnerability
Description
🎯 Vulnerability scanner for SharePoint servers affected by CVE-2025-53770. Detects unsafe deserialization using ToolPane.aspx with a crafted base64+gzip payload. 🛡️ Developed by Ahmed Tamer.
Introduction
# 🛡️ CVE-2025-53770 SharePoint Vulnerability Scanner
A Python-based tool to detect on-premises Microsoft SharePoint Server instances affected by **CVE-2025-53770**, a deserialization-of-untrusted-data vulnerability reachable through the `ToolPane.aspx` endpoint. The scanner sends a crafted ViewState payload (gzip-compressed, then base64-encoded) to that endpoint and checks whether the response reflects the decoded payload's marker strings, which indicates the server deserialized the attacker-supplied input. SharePoint Online (Microsoft 365) is not affected by this CVE, so `*.sharepoint.com` hosts are out of scope.
---
## 🚀 Features
- ✅ Detects SharePoint instances vulnerable to CVE-2025-53770
- ✅ Supports scanning a single target or bulk URLs from a file
- ✅ Uses a non-destructive `Scorecard:ExcelDataSet` test payload that only reflects a marker string, not a code-execution gadget
- ✅ Decodes and decompresses reflected base64+gzip ViewState data
- ✅ Minimal dependencies and works with standard tools (`curl`, `base64`, `gzip`)
- ✅ Colored CLI output for easy identification
---
## 📖 CVE Details
- **CVE**: CVE-2025-53770
- **Component**: Microsoft SharePoint (`ToolPane.aspx`)
- **Vulnerability Type**: Deserialization of Untrusted Data (CWE-502) / Unsafe ViewState Reflection
- **Severity**: Critical (CVSS 3.1 base score 9.8) – unauthenticated remote code execution (RCE) on on-premises SharePoint Server
- **Test Markers** (strings expected in the decoded response of a vulnerable host): `IntruderScannerDetectionPayload`, `ExcelDataSet`, `divWaiting`, `ProgressTemplate`, `Scorecard`
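The response-side check that the feature list and the test-marker line describe, as an added Python example that is not the project's scanner code: it takes an HTTP response body, finds base64 runs, gunzips the ones that carry the gzip magic bytes, and reports which of the markers above appear. The response bodies below are constructed for the example, not captured from a real SharePoint server; the base64 regex and the rule that only the scanner-specific `IntruderScannerDetectionPayload` marker yields a vulnerable verdict are my assumptions, not the scanner's.

```python
import base64
import gzip
import re
import zlib
from typing import List, Optional

# Marker strings listed under "Test Markers" in this README.
MARKERS = (
    "IntruderScannerDetectionPayload",
    "ExcelDataSet",
    "divWaiting",
    "ProgressTemplate",
    "Scorecard",
)
# Assumption: only this marker is unique to the scanner's payload; the others
# are ordinary SharePoint/Scorecard identifiers that a legitimate page may contain.
UNIQUE_MARKER = MARKERS[0]

# Assumption: a reflected ViewState blob is a base64 run of at least 32 characters.
_B64_RE = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")


def decode_gzip_base64(blob: str) -> Optional[str]:
    """Base64-decode, then gunzip. Return None if the blob is not base64+gzip."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if raw[:2] != b"\x1f\x8b":  # no gzip magic: e.g. a normal, uncompressed __VIEWSTATE
        return None
    try:
        return gzip.decompress(raw).decode("utf-8", errors="replace")
    except (OSError, EOFError, zlib.error):
        return None


def markers_in(body: str) -> List[str]:
    """Sorted list of markers found inside any base64+gzip blob in the body."""
    found = set()
    for m in _B64_RE.finditer(body):
        text = decode_gzip_base64(m.group(0))
        if text:
            found.update(mk for mk in MARKERS if mk in text)
    return sorted(found)


def is_vulnerable(body: str) -> bool:
    """Vulnerable only if the scanner-specific marker was reflected back."""
    return UNIQUE_MARKER in markers_in(body)


def _blob(text: str) -> str:
    """Helper for the constructed samples: gzip then base64, the encoding the scanner expects."""
    return base64.b64encode(gzip.compress(text.encode())).decode()


# Constructed sample responses (not real server output).
# 1) Vulnerable host: the whole test payload is reflected in a ViewState field.
REFLECTED = (
    '<input type="hidden" name="__VIEWSTATE" value="'
    + _blob('<Scorecard:ExcelDataSet><ProgressTemplate><div id="divWaiting">'
            'IntruderScannerDetectionPayload</div></ProgressTemplate>'
            '</Scorecard:ExcelDataSet>')
    + '" />'
)
# 2) Patched host: an ordinary (non-gzip) ViewState and no marker anywhere.
PATCHED = (
    '<input type="hidden" name="__VIEWSTATE" value="'
    + base64.b64encode(b"/wEPDwUJNzgzNDMwNTMzZGQ=" * 4).decode()
    + '" />'
)
# 3) Only generic identifiers reflected: not enough for a VULNERABLE verdict.
WEAK = "<div>" + _blob("<Scorecard:ExcelDataSet/>") + "</div>"

if __name__ == "__main__":
    for name, body in (("reflected", REFLECTED), ("patched", PATCHED), ("weak", WEAK)):
        print(f"{name:9s} markers={markers_in(body)} vulnerable={is_vulnerable(body)}")
```

Two points worth keeping in mind when reading the scanner's `[VULNERABLE]` line: a hit on `Scorecard` or `ExcelDataSet` alone is weak evidence, since those names can occur in legitimate SharePoint markup, which is why the example keys its verdict on the payload-specific marker; and the absence of any marker does not prove the host is patched, because a WAF, an error page or a different response encoding also produces a silent result.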
---
## 🧑‍💻 Usage
```bash
# Scan a single on-premises SharePoint URL
python3 CVE-2025-53770_Scanner.py -u https://sharepoint.example.com
# Scan multiple URLs from a file
python3 CVE-2025-53770_Scanner.py -f targets.txt
```
**Example targets.txt file:**
```
https://intranet.company.com
https://sharepoint.university.edu
https://portal.corporate.net
```
---
## 📦 Requirements
* Python 3.x
* `curl`, `base64`, `gzip` installed and available in system path
* Python module: `colorama`
Install the Python dependency:
```bash
pip install colorama
```
---
## 🔍 Sample Output
```bash
[>] Scanning: https://sharepoint.example.com
[VULNERABLE] https://sharepoint.example.com returned payload marker!
```
---
## 📝 License
This project is licensed under the [MIT License](LICENSE).
---
## 👤 Author
**Ahmed Tamer**
Cybersecurity Researcher | Bug Hunter | Red Teamer
* 💼 [LinkedIn](https://www.linkedin.com/in/ahmed-tamer-b8977b35a)
---
## ⚠️ Ethical Disclaimer
> This tool is developed for **educational and authorized security testing purposes only**.
> You are **not allowed** to use this tool against systems you do not own or lack explicit permission to test.
> Misuse of this software may result in criminal charges — **use responsibly and ethically.**
---
File snapshot
[4.0K] /data/pocs/47b5907a1cb5f874f321e7352e61bf4a815b5e87
├── [3.4K] CVE-2025-53770_Scanner.py
├── [1.0K] LICENSE
└── [2.4K] README.md
0 directories, 3 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.