http/misconfiguration/sql-server-report-viewer.yaml

id: sql-server-reportviewer

info:
  name: SQL Server ReportViewer - Exposure
  author: kazet
  severity: high
  description: SQL Server ReportViewer page exposed.
  reference:
    - https://learn.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports?view=sql-server-ver16
  classification:
    cpe: cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: microsoft
    product: sql_server
    google-query: inurl:"/Reports/Pages/Folder.aspx"
  tags: misconfig,sql,report,exposure

http:
  - raw:
      - |
        GET /Reports/Pages/Folder.aspx HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /ReportServer/Pages/Folder.aspx HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200 && status_code_2 != 401"
          - "contains(body, 'Data Source') && contains(body, 'SQL Server Reporting Services')"
        condition: and
# digest: 4a0a00473045022100b217f683b106dc6255adb3175d815b155c1eca01f168c252e2d4325ab0cb0b5a02200d7f88a82ed9b48d68d3d62fc420c1f18e92c450db3594b14ade1a2d8cca9ef6:922c64590222798bb761d5b6d8e72950
rewrote template 2023-04-21 01:39:49 +05:30			`id: sql-server-reportviewer`
Microsoft SQL Server Report Viewer exposure 2023-04-20 10:17:10 +02:00
			`info:`
rewrote template 2023-04-21 01:39:49 +05:30			`name: SQL Server ReportViewer - Exposure`
Microsoft SQL Server Report Viewer exposure 2023-04-20 10:17:10 +02:00			`author: kazet`
			`severity: high`
Updated descriptions of templates 2024-01-03 11:38:41 +05:30			`description: SQL Server ReportViewer page exposed.`
Microsoft SQL Server Report Viewer exposure 2023-04-20 10:17:10 +02:00			`reference:`
			`- https://learn.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports?view=sql-server-ver16`
Fix classification Fix classification 2024-09-10 14:38:16 +05:30			`classification:`
			`cpe: cpe:2.3:a:microsoft:sql_server::::::::`
rewrote template 2023-04-21 01:39:49 +05:30			`metadata:`
boolean format update 2023-06-04 13:43:42 +05:30			`verified: true`
templateman update 2023-10-14 16:57:55 +05:30			`max-request: 2`
Add missing cpes Added missing cpes 2024-09-10 13:52:50 +05:30			`vendor: microsoft`
Fix classification Fix classification 2024-09-10 14:38:16 +05:30			`product: sql_server`
Revert "chore: update TemplateMan 🤖" This reverts commit c31d574176f2b9e6f8d4fe573a24e7192f808e84. 2025-05-27 10:39:47 +08:00			`google-query: inurl:"/Reports/Pages/Folder.aspx"`
			`tags: misconfig,sql,report,exposure`
Microsoft SQL Server Report Viewer exposure 2023-04-20 10:17:10 +02:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
rewrote template 2023-04-21 01:39:49 +05:30			`- raw:`
			`- \|`
			`GET /Reports/Pages/Folder.aspx HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
			`GET /ReportServer/Pages/Folder.aspx HTTP/1.1`
			`Host: {{Hostname}}`
Microsoft SQL Server Report Viewer exposure 2023-04-20 10:17:10 +02:00
rewrote template 2023-04-21 01:39:49 +05:30			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "status_code_1 == 200 && status_code_2 != 401"`
			`- "contains(body, 'Data Source') && contains(body, 'SQL Server Reporting Services')"`
			`condition: and`
chore: sign templates 🤖 2024-12-01 13:57:55 +00:00			`# digest: 4a0a00473045022100b217f683b106dc6255adb3175d815b155c1eca01f168c252e2d4325ab0cb0b5a02200d7f88a82ed9b48d68d3d62fc420c1f18e92c450db3594b14ade1a2d8cca9ef6:922c64590222798bb761d5b6d8e72950`