.. / CVE-2020-0618

Exploit for Microsoft SQL Server Reporting Services - Remote Code Execution (CVE-2020-0618)

Description:

Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.

Nuclei Template

View the template here CVE-2020-0618.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-0618.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-0618
http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
https://github.com/euphrat1ca/CVE-2020-0618