Skip to content

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

License

Notifications You must be signed in to change notification settings

dwisiswant0/proxylogscan

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

proxylogscan

This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution (CVE-2021-27065). As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server.

This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010).

All components are vulnerable by default.

Installation

Go 1.13+ required.

$ go get dw1.io/proxylogscan

Or download pre-built binary at release page.

Usage

$ proxylogscan -h
Usage of proxylogscan:
  -m string
        Request method (default "GET")
  -p string
        Proxy URL (HTTP/SOCKSv5)
  -s    Silent mode (Only display vulnerable/suppress errors)
  -u string
        Target URL/list to scan

Examples

There are 3 ways to use this tool.

$ proxylogscan -u https://domain.tld
$ proxylogscan -u urls.txt
$ cat urls.txt | proxylogscan
$ subfinder -silent -d domain.tld | httpx -silent | proxylogscan

Supporting Materials

License

proxylogscan is distributed under MIT.