Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0688 PoC — Microsoft Exchange Server 授权问题漏洞

Source
https://github.com/truongtn/cve-2020-0688
Associated Vulnerability
Title:Microsoft Exchange Server 授权问题漏洞 (CVE-2020-0688)
Description:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 中存在授权问题漏洞,该漏洞源于程序无法正确处理内存中的对象。攻击者可借助特制的电子邮件利用该漏洞在系统用户的上下文中运行任意代码。以下产品及版本受到影响:Microsoft Exchange Server 2010,Microsoft Exchange Server 2013,Micro
Description
I made this script for conducting CVE-2020-0688 more rapidly. It helps to improve checking the vuln, reducing hugely steps for that
Readme
# cve-2020-0688
I made this script for conducting CVE-2020-0688 more rapidly. It helps to improve checking the vuln, reducing hugely steps for that.\
Modify these inputs before running the file.\
url = "https://mail.something.com" #input 1*\
command = "cmd /c echo OOOPS!!! > c:/truongtn.txt" #input2*\
aspsession = "1111a11c-11ad-1c11-1111-1111122f5977"  # input3*\
File Snapshot

 [4.0K]  /data/pocs/1aeb47fbfa892462a4e1abcf145d865c30f6ffa2
├── [ 977]  cve-2020-0688.py
├── [ 44K]  fastjson.dll
├── [1.3M]  FSharp.Core.dll
├── [594K]  FSharp.Core.xml
├── [8.5K]  FsPickler.CSharp.dll
├── [ 34K]  FsPickler.CSharp.pdb
├── [ 14K]  FsPickler.CSharp.xml
├── [947K]  FsPickler.dll
├── [ 68K]  FsPickler.Json.dll
├── [100K]  FsPickler.Json.pdb
├── [6.0K]  FsPickler.Json.xml
├── [1.0M]  FsPickler.pdb
├── [129K]  FsPickler.xml
├── [1.2K]  LICENSE
├── [1.1M]  microsoft.identitymodel.dll
├── [1.3M]  Microsoft.PowerShell.Editor.dll
├── [ 22K]  NDesk.Options.dll
├── [638K]  Newtonsoft.Json.dll
├── [658K]  Newtonsoft.Json.xml
├── [ 367]  README.md
├── [5.7M]  System.Management.Automation.dll
├── [198K]  YamlDotNet.dll
├── [242K]  YamlDotNet.xml
├── [133K]  ysoserial.exe
├── [ 540]  ysoserial.exe.config
└── [170K]  ysoserial.pdb

0 directories, 26 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.