Microsoft Outlook Web Access (OWA) - Information Disclosure Vulnerability

EDB-ID: 12728 CVE: 2010-2091 OSVDB-ID: 64980
Verified: Author: Praveen Darshanam Published: 2010-05-24
Download Exploit: Source Raw Download Vulnerable App: N/A

"Microsoft Outlook Web Access (OWA) version"

OS: Windows Server 2003

Internet Explorer 7


There is an information disclosure vulnerability in "Microsoft Outlook Web
Access (OWA) version".

The issue is with the id parameter.

Following are different exploitation techniques:<script>alert("HHH")</script<>

Best Regards,
Praveen Darshanam,
Security Researcher,