Phân tích lỗ hổng ProxyLogon — Mail Exchange RCE (Sự kết hợp hoàn hảo CVE-2021–26855 + CVE-2021–27065)

  • CVE-2021–26855: Mail Exchange Pre-Auth SSRF
  • CVE-2021–26857: Post-Auth Deserialization
  • CVE-2021–26858: Post-Auth arbitrary file write
  • CVE-2021–27065: Post-Auth arbitrary file write
X-BEResource=EXCHANGE2016~1942062522;
X-BEResource=EXCHANGE2016/owa/auth/logon.aspx?a=~1942062522;
  • 1 lỗ hổng SSRF với quyền system
  • 1 lỗ hổng ghi file tùy ý (cần quyền admin mail)
- SID của user john: S-1–5–21–1525789613–2932220202–353317642–3102
- SID của admin: S-1-5-21-1525789613-2932220202-353317642-500

--

--

asdasd asdasdasd asdasdasd

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store