Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26855 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Source
https://github.com/pussycat0x/CVE-2021-26855-SSRF
Associated Vulnerability
Title:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
Description:Microsoft Exchange Server Remote Code Execution Vulnerability
Description
This script helps to identify  CVE-2021-26855  ssrf Poc
Readme
# CVE-2021-26855-SSRF-Poc
This script helps to identify  CVE-2021-26855  ssrf Poc

Reference: https://proxylogon.com/ 

## Script usage

#### python CVE-2021-26855.py -H target.com -B xxxxxxxxxxxxxxxxxx.burpcollaborator.net

![PoC](https://github.com/pussycat0x/CVE-2021-26855-SSRF/blob/main/PoC.JPG)

If you are able to retrieve tokens through HTTPS request. then the target is vulnerable. otherwise, it will be a false positive.
Check the following headers.
X-SourceCafeServer:
X-CommonAccessToken:

![http request](https://user-images.githubusercontent.com/65701233/110593868-20ce2d00-81a2-11eb-8613-23470a22b40d.png)
File Snapshot

 [4.0K]  /data/pocs/f517efb67222c45d85bf8faec16a82cc43596b2a
├── [ 954]  CVE-2021-26855.py
├── [240K]  PoC.JPG
└── [ 621]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →