nuclei-templates/http/technologies/microsoft/ms-exchange-server.yaml

id: ms-exchange-server

info:
  name: Microsoft Exchange Server Detect
  author: pikpikcu,dhiyaneshDK
  severity: info
  description: Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, using Outlook Web App path data.
  reference:
    - https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
  metadata:
    max-request: 1
  tags: microsoft,exchange,tech

http:
  - method: GET
    path:
      - "{{BaseURL}}/owa/auth/logon.aspx"

    matchers-condition: or
    matchers:
      - type: regex
        part: header
        regex:
          - "(?i)(X-Owa-Version:)"

      - type: regex
        part: body
        regex:
          - "/owa/auth/[0-9.]+/"

      - type: word
        words:
          - '<title>Exchange Log In</title>'
          - '<title>Microsoft Exchange - Outlook Web Access</title>'

    extractors:
      - type: kval
        kval:
          - x_owa_version

      - type: regex
        part: body
        group: 1
        regex:
          - "/owa/auth/([0-9.]+)/"

# digest: 4b0a0048304602210095695efde97debbfebb56815a66c40afafaf4a5642d9a39012a320f140f9a3f1022100fd7ba36a370a6e12787bc09a0b6b2fca2e271999c624e0056af26ae5669b322a:922c64590222798bb761d5b6d8e72950
Clean MS Exchange detection (#4243) * Clean MS Exchange detect - Extract version from body when the header is missing - Makes it clear that we are looking either for a header or for specific body content - Accept older (and newer) versions * misc updates Co-authored-by: Pierre Lalet <pierre@drids-corp.org> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 18:13:11 +00:00			`id: ms-exchange-server`
Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00
			`info:`
			`name: Microsoft Exchange Server Detect`
more updates 2021-08-19 20:44:42 +00:00			`author: pikpikcu,dhiyaneshDK`
Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00			`severity: info`
Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 12:34:08 +00:00			`description: Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, using Outlook Web App path data.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: microsoft,exchange,tech`
Update microsoft-echange-server-detect.yaml 2021-03-04 05:15:16 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/owa/auth/logon.aspx"`

more updates 2021-08-19 20:44:42 +00:00			`matchers-condition: or`
Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00			`matchers:`
Clean MS Exchange detection (#4243) * Clean MS Exchange detect - Extract version from body when the header is missing - Makes it clear that we are looking either for a header or for specific body content - Accept older (and newer) versions * misc updates Co-authored-by: Pierre Lalet <pierre@drids-corp.org> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 18:13:11 +00:00			`- type: regex`
			`part: header`
			`regex:`
			`- "(?i)(X-Owa-Version:)"`
Update microsoft-echange-server-detect.yaml 2021-03-04 05:15:16 +00:00
Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00			`- type: regex`
Clean MS Exchange detection (#4243) * Clean MS Exchange detect - Extract version from body when the header is missing - Makes it clear that we are looking either for a header or for specific body content - Accept older (and newer) versions * misc updates Co-authored-by: Pierre Lalet <pierre@drids-corp.org> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 18:13:11 +00:00			`part: body`
Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00			`regex:`
Clean MS Exchange detection (#4243) * Clean MS Exchange detect - Extract version from body when the header is missing - Makes it clear that we are looking either for a header or for specific body content - Accept older (and newer) versions * misc updates Co-authored-by: Pierre Lalet <pierre@drids-corp.org> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 18:13:11 +00:00			`- "/owa/auth/[0-9.]+/"`
misc updates 2021-03-04 15:01:21 +00:00
more updates 2021-08-19 20:44:42 +00:00			`- type: word`
			`words:`
			`- '<title>Exchange Log In</title>'`
			`- '<title>Microsoft Exchange - Outlook Web Access</title>'`

Create microsoft-echange-server-detect.yaml 2021-03-03 19:09:10 +00:00			`extractors:`
			`- type: kval`
			`kval:`
Clean MS Exchange detection (#4243) * Clean MS Exchange detect - Extract version from body when the header is missing - Makes it clear that we are looking either for a header or for specific body content - Accept older (and newer) versions * misc updates Co-authored-by: Pierre Lalet <pierre@drids-corp.org> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 18:13:11 +00:00			`- x_owa_version`

			`- type: regex`
			`part: body`
			`group: 1`
			`regex:`
			`- "/owa/auth/([0-9.]+)/"`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a0048304602210095695efde97debbfebb56815a66c40afafaf4a5642d9a39012a320f140f9a3f1022100fd7ba36a370a6e12787bc09a0b6b2fca2e271999c624e0056af26ae5669b322a:922c64590222798bb761d5b6d8e72950`