microsoft-exchange-panel: Microsoft Exchange Control Panel

日期: 2025-08-01 | 影响软件: Microsoft Exchange Control Panel | POC: 已公开

漏洞描述

Publicly accessible Microsoft Exchange Server Control Panel fofa: app="Microsoft-Exchange"

PoC代码[已公开]

id: microsoft-exchange-panel

info:
  name: Microsoft Exchange Control Panel
  author: r3dg33k
  severity: info
  verified: true
  description: |-
    Publicly accessible Microsoft Exchange Server Control Panel
    fofa: app="Microsoft-Exchange"
  reference:
    - https://docs.microsoft.com/en-us/answers/questions/58814/block-microsoft-exchange-server-2016-exchange-admi.html
  tags: panel,exchange,detect
  created: 2024/01/05

set:
  hostUrl: request.url
rules:
  r0:
    request:
      method: GET
      path: /owa/auth/logon.aspx?replaceCurrent=1&url={{hostUrl}}/ecp
    expression: response.status == 200 && response.body.bcontains(b'Exchange Admin Center')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/fingerprinting/microsoft-exchange-panel.yaml