Bugtraq mailing list archives
External Service Interaction (DNS) on Skype for Business
From: Alphan YAVAS <alphan.yv () gmail com>
Date: Fri, 6 Dec 2019 10:07:24 +0300
I. VULNERABILITY ------------------------- Microsoft Skype for Business External Service Interaction (DNS) Latest Version II. CVE REFERENCE ------------------------- Not Assigned Yet III. VENDOR ------------------------- https://www.microsoft.com IV. TIMELINE ------------------------- 28/11/2019 Vulnerability discovered 03/12/2019 Vendor contacted 04/12/2019 Microsoft replay that “We determined that this behavior is considered to be by design.” V. CREDIT ------------------------- Alphan Yavas from Biznet Bilisim A.S. VI. DESCRIPTION ------------------------- Microsoft Skype for Business latest versions affected from external service interaction(DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants. VII. PROOF OF CONCEPT ------------------------- Affected Component: Path(inurl): /Dialin/Conference.aspx Parameter: Username Login page of Skype for Business affected from external service interaction (DNS) vulnerability. If username is being sent with following format victim server will send out DNS queries to xxx domain. (xxx is the domain which you want to send request from server) username: ssrf.xxx.com\pentest password: (doesn't matter) Reference: https://portswigger.net/kb/issues/00300200_external-service-interaction-dns
Current thread:
- External Service Interaction (DNS) on Skype for Business Alphan YAVAS (Dec 06)
- <Possible follow-ups>
- External Service Interaction (DNS) on Skype for Business Alphan YAVAS (Dec 06)