CVE-2020-0688 PoC — Microsoft Exchange Server 授权问题漏洞

Source

https://github.com/7heKnight/CVE-2020-0688

Associated Vulnerability

Title:Microsoft Exchange Server 授权问题漏洞 (CVE-2020-0688)
Description:A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Description

CVE-2020-0688_Microsoft Exchange default MachineKeySection deserialize vulnerability

Readme

# CVE-2020-0688

CVE-2020-0688_Microsoft Exchange default MachineKeySection deserialize vulnerability

---
Installation Instruction:
- Download using git (Requires [git](https://git-scm.com/downloads)): `git clone https://github.com/7heKnight/CVE-2020-0688`
- Download Zip File: [https://github.com/7heKnight/CVE-2020-0688/archive/refs/heads/main.zip](https://github.com/7heKnight/CVE-2020-0688/archive/refs/heads/main.zip)
- `pip install urllib3 requests`

```
Usage: python poc.py -s <Server/ip> (Required) -u username (Required) -p password (Required) --proxy (Not Require)

Options:
  -h, --help       show this help message and exit
  -s SERVER        Exchange mail Server URL Example: http://ip/owa
  -u USER          Login account Example: domain\user
  -p PASSWORD      Password
  -c COMMAND       Using Command and get output from web's respond
  --upload=UPLOAD  Upload file and print respond the file location uploaded
  --proxy=PROXY    Proxy to use. Example: https://127.0.0.1:8080 (Support Only
                   HTTP and HTTPS)
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!