Best SSRF bypass

http://127.1/
http://0000::1:80/
http://[::]:80/
http://2130706433/
http://whitelisted@127.0.0.1
http://0x7f000001/
http://017700000001
http://0177.00.00.01

#ssrf #bugbounty #bugbountytips

Decoding PDF Injection

This article talks about PDF injection from scratch to the execution of XSS and SSRF via PDF injection.

https://medium.com/@urshilaravindran/pdf-injection-in-simple-words-8c399f92593c

#pdf #xss #ssrf #injection

💣 ProxyNotShell PoC

ProxyNotShell this is a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability (CVE-2022-41040) and a second vulnerability that allows Remote Code Execution (CVE-2022-41082) when PowerShell is available on the Exchange Server.

Research:
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend

Nmap Checker:
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse

PoC:
https://github.com/testanull/ProxyNotShell-PoC

UPD:
PoC for Python3
Thanks to @hackerralf8
https://xn--r1a.website/RalfHackerChannel/1286

#exchange #proxynotshell #ssrf #rce

😈 OWASSRF — New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations

CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.

https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/

#owa #exchange #ssrf #proxynotshell

😈 Microsoft Exchange: OWASSRF + TabShell
(CVE-2022-41076)

The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.

For a detailed write see research:
https://blog.viettelcybersecurity.com/tabshell-owassrf/

PoC:
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e

#owa #ssrf #tabshell #poc