Phân tích lỗ hổng ProxyLogon — Mail Exchange RCE (Sự kết hợp hoàn hảo CVE-2021–26855 + CVE-2021–27065)

  • CVE-2021–26855: Mail Exchange Pre-Auth SSRF
  • CVE-2021–26857: Post-Auth Deserialization
  • CVE-2021–26858: Post-Auth arbitrary file write
  • CVE-2021–27065: Post-Auth arbitrary file write
X-BEResource=EXCHANGE2016~1942062522;
X-BEResource=EXCHANGE2016/owa/auth/logon.aspx?a=~1942062522;
  • 1 lỗ hổng SSRF với quyền system
  • 1 lỗ hổng ghi file tùy ý (cần quyền admin mail)
- SID của user john: S-1–5–21–1525789613–2932220202–353317642–3102
- SID của admin: S-1-5-21-1525789613-2932220202-353317642-500

--

--

--

asdasd asdasdasd asdasdasd

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jang

Jang

asdasd asdasdasd asdasdasd

More from Medium

The Parler Hack

rev_wide — cyber apocalypse 2022 (CTF writeup)

LAME HTB — Walkthrough & cve-2007–2447 explained

Game Zone TryHackMe Write-Up