microsoft-exchange-panel: Microsoft Exchange Control Panel

日期: 2025-09-01 | 影响软件: Microsoft Exchange Control Panel | POC: 已公开

漏洞描述

Publicly accessible Microsoft Exchange Server Control Panel Fofa: app="Microsoft-Exchange"

PoC代码[已公开]

id: microsoft-exchange-panel

info:
  name: Microsoft Exchange Control Panel
  author: r3dg33k
  severity: info
  verified: true
  description: |
    Publicly accessible Microsoft Exchange Server Control Panel
    Fofa: app="Microsoft-Exchange"
  reference:
    - https://docs.microsoft.com/en-us/answers/questions/58814/block-microsoft-exchange-server-2016-exchange-admi.html

set:
  hostUrl: request.url
rules:
  r0:
    request:
      method: GET
      path: /owa/auth/logon.aspx?replaceCurrent=1&url={{hostUrl}}/ecp
    expression: response.status == 200 && response.body.bcontains(b'Exchange Admin Center')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/fingerprinting/microsoft-exchange-panel.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

万户OA freemarkeService 远程命令执行漏洞 无POC

万户OA /defaultroot/yzConvertFile/file2Html.controller 任意文件上传漏洞 无POC

Journyx /jtcgi/soap_cgi.pyc XML外部实体注入漏洞（CVE-2024-6893） 无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC

万户OA freemarkeService 远程命令执行漏洞无POC

万户OA /defaultroot/yzConvertFile/file2Html.controller 任意文件上传漏洞无POC

Journyx /jtcgi/soap_cgi.pyc XML外部实体注入漏洞（CVE-2024-6893）无POC