Skip to content
/ CVE-2022-41040-metasploit-ProxyNotShell Public

the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.

36 stars 17 forks Branches Tags Activity
Star
Notifications

TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

README.md

README.md

 
 

microsoft_exchange_server_proxynotshell_ssrf.py

microsoft_exchange_server_proxynotshell_ssrf.py

 
 

poc.png

poc.png

 
 

Repository files navigation

CVE-2022-41040-metasploit-ProxyNotShell

the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.

preparation POC

git clone https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell
cd CVE-2022-41040-metasploit-ProxyNotShell
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp microsoft_exchange_server_proxynotshell_ssrf.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/microsoft_exchange_server_proxynotshell_ssrf.py
msfconsole

POC usage

set rhosts <vuln ip/host>
set rport <vuln port>
set rssl <default: true for https>
exploit

result

poc

reference

About

the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.

Resources

Readme
Activity

Stars

36 stars

Watchers

2 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages