Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter
Not working in my environment: tested on Firefox 3.6.3 (Linux).
OWA version: 8.2.254.0
Exception type: Microsoft.Exchange.Data.Storage.CorruptDataException. OWA uses
System.Convert.FromBase64String(String s) for parsing the address, so even when you
try to put the representation there, you should get the invalid format of serialized ID anyways.
Weird it goes through at yours.
Regards,
Pawel Jablonski
> $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
> "Microsoft Outlook Web Access (OWA) version 8.2.254.0"
> OS: Windows Server 2003
> Internet Explorer 7
> $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
> There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0".
> The issue is with the id parameter.
> Following are different exploitation techniques:
> https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script>
> https://example.com/owa/?ae=Folder&t=IPF.Note&id=
> https://example.com/owa/?ae=Folder&t=IPF.Note&id=A
> Whom to contact to get a CVE Identifier for this vulnerability?
> Best Regards,
> Praveen Darshanam,
> Security Researcher,
> INDIA
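
The point made in the reply, that the "id" value is base64-decoded before use, suggests a simple server-side check. The following is an added example, not code from this thread or from OWA: a strict base64 validator run over the three "id" values from the report, with a generic error that names no exception type and never echoes the input. The names `parse_item_id` and `handle_request` are hypothetical, and treating an empty id as malformed is an assumption of this sketch.

```python
import base64
import binascii
import html

# Constructed sample input: the three "id" values quoted in the report.
REPORTED_IDS = ['<script>alert("HHH")</script>', "", "A"]

GENERIC_ERROR = "The requested item could not be opened."


def parse_item_id(raw):
    """Strictly decode a base64 item id; return bytes, or None if malformed."""
    # Drop whitespace, then require a non-empty value whose length is a
    # multiple of 4 (assumption: an empty id is never valid here).
    compact = "".join(raw.split())
    if not compact or len(compact) % 4 != 0:
        return None
    try:
        # validate=True rejects any character outside the base64 alphabet.
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def handle_request(raw_id):
    """Hypothetical handler: returns (status, body) without leaking internals."""
    item = parse_item_id(raw_id)
    if item is None:
        # Same body for every malformed id: no exception type, no stack
        # trace, and the rejected value is never reflected into the page.
        return 400, GENERIC_ERROR
    # Anything written back into HTML is re-encoded and escaped first.
    canonical = base64.b64encode(item).decode("ascii")
    return 200, "Item id: " + html.escape(canonical)


def check_reported_ids():
    """Run the handler over the reported values and collect the responses."""
    return [handle_request(value) for value in REPORTED_IDS]


if __name__ == "__main__":
    for value, result in zip(REPORTED_IDS, check_reported_ids()):
        print(repr(value), "->", result)
```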