# Microsoft Exchange SSRF(CVE-2021-26855)
FOFA Dork:
“`
microsoft exchange 2013:
app=”Microsoft-Exchange-2013″||app=”Microsoft-Exchange-Server-2013-CU21″||app=”Microsoft-Exchange-Server-2013-CU17″||app=”Microsoft-Exchange-Server-2013-CU23″||app=”Microsoft-Exchange-Server-2013-CU13″||app=”Microsoft-Exchange-Server-2013-CU22″||app=”Microsoft-Exchange-Server-2013-CU11″||app=”Microsoft-Exchange-Server-2013-CU2″||app=”Microsoft-Exchange-Server-2013-CU16″||app=”Microsoft-Exchange-Server-2013-CU19″||app=”Microsoft-Exchange-Server-2013-CU3″||app=”Microsoft-Exchange-Server-2013-CU18″||app=”Microsoft-Exchange-Server-2013-CU5″||app=”Microsoft-Exchange-Server-2013-CU20″||app=”Microsoft-Exchange-Server-2013-CU12″||app=”Microsoft-Exchange-Server-2013-CU15″||app=”Microsoft-Exchange-Server-2013-CU10″||app=”Microsoft-Exchange-Server-2013-CU9″||app=”Microsoft-Exchange-Server-2013-CU6″||app=”Microsoft-Exchange-Server-2013-CU7″||app=”Microsoft-Exchange-Server-2013-CU1″||app=”Microsoft-Exchange-Server-2013-CU14″||app=”Microsoft-Exchange-Server-2013-CU8″||app=”Microsoft-Exchange-Server-2013-RTM”||app=”Microsoft-Exchange-Server-2013-SP1″||app=”Microsoft-Exchange-2013″
microsoft exchange 2016:
app=”Microsoft-Exchange-Server-2016-CU19″||app=”Microsoft-Exchange-Server-2016-CU3″||app=”Microsoft-Exchange-Server-2016-CU12″||app=”Microsoft-Exchange-Server-2016-RTM”||app=”Microsoft-Exchange-Server-2016-CU7″||app=”Microsoft-Exchange-Server-2016-CU17″||app=”Microsoft-Exchange-Server-2016-CU2″||app=”Microsoft-Exchange-Server-2016-CU1″||app=”Microsoft-Exchange-Server-2016-CU14″||app=”Microsoft-Exchange-Server-2016-CU5″||app=”Microsoft-Exchange-Server-2016-CU11″||app=”Microsoft-Exchange-Server-2016-CU9″||app=”Microsoft-Exchange-Server-2016-CU16″||app=”Microsoft-Exchange-Server-2016-CU10″||app=”Microsoft-Exchange-Server-2016-CU6″||app=”Microsoft-Exchange-Server-2016-CU13″||app=”Microsoft-Exchange-Server-2016-CU18″||app=”Microsoft-Exchange-Server-2016-CU8″||app=”Microsoft-Exchange-Server-2016-CU4″||app=”Microsoft-Exchange-2016-POP3-server”
microsoft exchange 2019:
app=”Microsoft-Exchange-Server-2019-CU5″||app=”Microsoft-Exchange-Server-2019-CU3″||app=”Microsoft-Exchange-Server-2019-Preview”||app=”Microsoft-Exchange-Server-2019-CU8″||app=”Microsoft-Exchange-Server-2019-CU1″||app=”Microsoft-Exchange-Server-2019-CU7″||app=”Microsoft-Exchange-Server-2019-CU2″||app=”Microsoft-Exchange-Server-2019-CU6″||app=”Microsoft-Exchange-Server-2019-RTM”||app=”Microsoft-Exchange-Server-2019-CU4″
microsoft exchange 2010:
app=”Microsoft-Exchange-2010-POP3-server-version-03.1″||app=”Microsoft-Exchange-Server-2010″
“`
利用链可参考:
* https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
* https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits/
* https://paper.seebug.org/1501/
* https://mp.weixin.qq.com/s/iQhgQ0JkmR6pUfDxIQph1Q
PoC_proxyLogon.py:
https://web.archive.org/web/20210310164403/https://gist.github.com/testanull/fabd8eeb46f120c4b15f8793617ca7d1
exchange_proxylogon_rce.rb:
https://github.com/rapid7/metasploit-framework/blob/e5c76bfe13acddc4220d7735fdc3434d9c64736e/modules/exploits/windows/http/exchange_proxylogon_rce.rb
请登录后查看评论内容