Additional matchers update
parent
5072dbbcbb
commit
e8c3a1f9c7
|
@ -1,14 +1,13 @@
|
|||
id: ms-exchange-server-reflected-xss
|
||||
|
||||
info:
|
||||
name: MS Exchange Server XSS (
|
||||
name: MS Exchange Server XSS
|
||||
author: infosecsanyam
|
||||
severity: high
|
||||
description: |
|
||||
Microsoft Exchange Server XSS.
|
||||
reference: |
|
||||
- https://www.shodan.io/search?query=http.title%3A%22Outlook%22
|
||||
tags: exchangeserver,owa,xss
|
||||
- https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html
|
||||
tags: miscrsoft,owa,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -20,9 +19,14 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- 'alert(document.domain)//'
|
||||
condition: or
|
||||
- 'Microsoft Corporation'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
Loading…
Reference in New Issue