add in reference to teh LeakIX blog, which shows CVE-2025-53771

sfewer-r7 · sfewer-r7 · commit f16f7bf2addf · 2025-07-25T11:02:55.000+01:00
diff --git a/modules/exploits/windows/http/sharepoint_toolpane_rce.rb b/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
@@ -38,6 +38,8 @@ def initialize(info = {})
           ['CVE', '2025-53771'],
           # Technical analysis of CVE-2025-49704 and CVE-2025-49706 by the original finder, Dinh Ho Anh Khoa (Viettel Cyber Security).
           ['URL', 'https://blog.viettelcybersecurity.com/sharepoint-toolshell/'],
+          # LeakIX blog which captured the malicious request for the in-the-wild exploit.
+          ['URL', 'https://blog.leakix.net/2025/07/using-their-own-weapons-for-defense-a-sharepoint-story/'],
           # ZDI advisories for CVE-2025-49704 and CVE-2025-49706, discovered by Viettel Cyber Security.
           ['URL', 'https://www.zerodayinitiative.com/advisories/ZDI-25-580/'],
           ['URL', 'https://www.zerodayinitiative.com/advisories/ZDI-25-581/'],
