支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: a3e6aa5f19ba004e4b5ad8c50feb0d5495f61eb2

来源
https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell
关联漏洞
标题:Microsoft Exchange Server 代码问题漏洞 (CVE-2022-41040)
POC 描述:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server存在安全漏洞。攻击者利用该漏洞提升权限。
POC 描述
the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
介绍
# CVE-2022-41040-metasploit-ProxyNotShell
the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.

# preparation POC
```cmd
git clone https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell
cd CVE-2022-41040-metasploit-ProxyNotShell
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp microsoft_exchange_server_proxynotshell_ssrf.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/microsoft_exchange_server_proxynotshell_ssrf.py
msfconsole
```

# POC usage
```text
set rhosts <vuln ip/host>
set rport <vuln port>
set rssl <default: true for https>
exploit
```

# result
![poc](poc.png)

# reference
- https://www.kb.cert.org/vuls/id/915563
- https://github.com/Vulnmachines/proxynotshell-checker
- https://github.com/kljunowsky/CVE-2022-41040-POC
- https://github.com/zan8in/afrog
- https://github.com/Ph33rr/Exploit
文件快照

 [4.0K]  /data/pocs/a3e6aa5f19ba004e4b5ad8c50feb0d5495f61eb2
├── [10.0K]  microsoft_exchange_server_proxynotshell_ssrf.py
├── [356K]  poc.png
└── [1022]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。