关联漏洞
标题:
Microsoft Exchange Server 授权问题漏洞
(CVE-2020-0688)
描述:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 中存在授权问题漏洞,该漏洞源于程序无法正确处理内存中的对象。攻击者可借助特制的电子邮件利用该漏洞在系统用户的上下文中运行任意代码。以下产品及版本受到影响:Microsoft Exchange Server 2010,Microsoft Exchange Server 2013,Micro
描述
CVE-2020-0688_Microsoft Exchange default MachineKeySection deserialize vulnerability
介绍
# CVE-2020-0688
CVE-2020-0688_Microsoft Exchange default MachineKeySection deserialize vulnerability
---
Installation Instruction:
- Download using git (Requires [git](https://git-scm.com/downloads)): `git clone https://github.com/7heKnight/CVE-2020-0688`
- Download Zip File: [https://github.com/7heKnight/CVE-2020-0688/archive/refs/heads/main.zip](https://github.com/7heKnight/CVE-2020-0688/archive/refs/heads/main.zip)
- `pip install urllib3 requests`
```
Usage: python poc.py -s <Server/ip> (Required) -u username (Required) -p password (Required) --proxy (Not Require)
Options:
-h, --help show this help message and exit
-s SERVER Exchange mail Server URL Example: http://ip/owa
-u USER Login account Example: domain\user
-p PASSWORD Password
-c COMMAND Using Command and get output from web's respond
--upload=UPLOAD Upload file and print respond the file location uploaded
--proxy=PROXY Proxy to use. Example: https://127.0.0.1:8080 (Support Only
HTTP and HTTPS)
```
文件快照
[4.0K] /data/pocs/4779b5b7074681286939b586acfb1a84479d9829
├── [5.1K] command.xml
├── [3.8K] CVE-2020-0688.ps1
├── [1.3M] Microsoft.PowerShell.Editor.dll
├── [1.1K] NULL-File.xml
├── [9.5K] poc.py
├── [1.0K] README.md
├── [2.2K] uploader.xml
└── [4.6K] Upload-Shell.xml
0 directories, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。