Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server

Conference:  Defcon 29



Due current global issues of 2020, organizations have been forced to make changes in how their business model operates and as such, have opened the doors to remote working. Microsoft SharePoint is one of the most popular and trusted Content Management System's (CMS) deployed today. The product is used to share and manage content, internal knowledge with embeded applications to empower teamwork and seamlessly collaborate across an organization for a truly remote experience. After the efforts of countless talented engineers in Microsoft, SharePoint has been deployed in the Microsoft cloud as part of their office 365 offering. This presentation will analyze the security architecture of SharePoint server and how it differs from other popular CMS products. From an offensive point of view, we will also reveal several attack surfaces and mitigations implemented and how those mitigations can be bypassed. Finally we will disclose several high impact vulnerabilities detailing the discovery and exploitation. REFERENCES: 1. http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ 2. https://docs.microsoft.com/en-us/dotnet/api/system.web.ui.control 3. https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524602(v=vs.90) 4. https://www.youtube.com/watch?v=Xfbu-pQ1tIc 5. https://www.blackhat.com/us-20/briefings/schedule/#room-for-escape-scribbling-outside-the-lines-of-template-security-20292 6. https://www.spguides.com/sharepoint-csom-tutorial/