漏洞描述
Microsoft Exchange Server 是个消息与协作系统。ExchangeServer可以被用来构架应用于企业、学校的邮件系统或免费邮件系统。攻击者可以通过CVE-2021-26855的ssrf漏洞获取到的Exchangeadministrator凭证,构造恶意请求,在系统上写入任意文件。拿下服务器权限
Exchange 任意文件写入漏洞(CVE-2021-26858 / CVE-2021-27065)
PoC代码
暂无相关漏洞推荐
- POC CVE-2008-1547: Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
- POC CVE-2021-26855: Microsoft Exchange Server SSRF Vulnerability
- POC CVE-2021-31195: Microsoft Exchange Server - Cross-Site Scripting
- POC CVE-2021-34473: Exchange Server - Remote Code Execution
- POC CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
- POC CVE-2021-26855: Microsoft Exchange Server Remote Code Execution
- POC CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
- POC CVE-2022-41040: Microsoft Exchange SSRF
- POC openexchangerates-csp-bypass: Content-Security-Policy Bypass - OpenExchangeRates
- POC stackexchange-api-csp-bypass: Content-Security-Policy Bypass - StackExchange API
- POC CVE-2021-33766: Microsoft Exchange - Authentication Bypass
- POC ssh-weakkey-exchange-algo: SSH Weak Key Exchange Algorithms Enabled
- POC microsoft-exchange-panel: Microsoft Exchange Control Panel