Merge pull request #9675 from userdehghani/main

Add ms-exchange-local-domain exposure template

http/misconfiguration/microsoft/ms-exchange-local-domain.yaml

@@ -0,0 +1,44 @@
+id: ms-exchange-local-domain
+
+info:
+  name: Microsoft Exchange Autodiscover - Local Domain Exposure
+  author: userdehghani
+  severity: low
+  description: |
+    Microsoft Exchange is prone to a local domain exposure using the Autodiscover v2 endpoint.
+  impact: |
+    An attacker can leverage this information for reconnaissance and targeted attacks.
+  remediation: |
+    Restrict access to the Autodiscover service or configure it to not expose local domain information.
+  reference:
+    - https://support.microsoft.com/en-gb/topic/autodiscover-v2-returns-internalurl-not-externalurls-in-other-site-774301e2-2d1e-d5e0-aa41-a49f6e9b06f4
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cwe-id: CWE-200
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: http.title:outlook exchange
+  tags: misconfig, microsoft,ms-exchange,ad,dc
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/autodiscover/autodiscover.json?Protocol=ActiveSync&Email=user@domain.tld&RedirectCount=1"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - "(?i)(X-Calculatedbetarget:)"
+
+      - type: status
+        status:
+          - 200
+          - 302
+
+    extractors:
+      - type: kval
+        kval:
+          - x_calculatedbetarget