漏洞描述
Microsoft Exchange Server 是个消息与协作系统。ExchangeServer可以被用来构架应用于企业、学校的邮件系统或免费邮件系统。未经身份验证的攻击者可直接构造恶意请求,以Exchangeserver的身份发起任意HTTP请求,扫描内网,并且可获取Exchange用户信息
Exchange服务器端请求伪造(SSRF)漏洞(CVE-2021-26855)
PoC代码
暂无相关漏洞推荐
- POC CVE-2008-1547: Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
- POC CVE-2021-26855: Microsoft Exchange Server SSRF Vulnerability
- POC CVE-2021-31195: Microsoft Exchange Server - Cross-Site Scripting
- POC CVE-2021-34473: Exchange Server - Remote Code Execution
- POC CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
- POC CVE-2021-26855: Microsoft Exchange Server Remote Code Execution
- POC CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
- POC CVE-2022-41040: Microsoft Exchange SSRF
- POC openexchangerates-csp-bypass: Content-Security-Policy Bypass - OpenExchangeRates
- POC stackexchange-api-csp-bypass: Content-Security-Policy Bypass - StackExchange API
- POC CVE-2021-33766: Microsoft Exchange - Authentication Bypass
- POC ssh-weakkey-exchange-algo: SSH Weak Key Exchange Algorithms Enabled
- POC microsoft-exchange-panel: Microsoft Exchange Control Panel