ET EXPLOIT Microsoft Sharepoint WebPartPagesWebService Authenticated Remote Code Execution (CVE-2023-21742)

SID: 2063365Rev: 114 views
Sourceet/open
CreatedJuly 9, 2025
UpdatedJuly 9, 2025
Classificationattempted-user
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Sharepoint WebPartPagesWebService Authenticated Remote Code Execution (CVE-2023-21742)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/webpartpages.asmx"; http.request_body; content:"ConvertWebPartFormat"; fast_pattern; content:"SelectUrl|3d 22|"; pcre:"/^[a-z]+\x3a\x2f{2}/R"; reference:url,github.com/ohnonoyesyes/CVE-2023-21742; classtype:attempted-user; sid:2063365; rev:1; metadata:affected_product Microsoft_Sharepoint, attack_target Server, created_at 2025_07_09, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_07_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlgithub.com/ohnonoyesyes/CVE-2023-21742

Metadata

affected productMicrosoft_Sharepoint
attack targetServer
created at2025_07_09
deploymentInternal
confidenceHigh
signature severityMajor
tagExploit
updated at2025_07_09
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!