Bugtraq mailing list archives
Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability
From: Jabłoński, Paweł <PJablonski () ivmx pl>
Date: Fri, 21 May 2010 23:56:53 +0200
Not working at my environment: Tested on Firefox 3.6.3 (Linux). OWA version: 8.2.254.0 Exception type: Microsoft.Exchange.Data.Storage.CorruptDataException. OWA uses System.Convert.FromBase64String(String s) for parsing the address, so even when you try to put the representation there, you should get the invalid format of serialized ID anyways. Weird it goes through at yours. Regards, Pawel Jablonski
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ "Microsoft Outlook Web Access (OWA) version 8.2.254.0" OS: Windows Server 2003 Internet Explorer 7 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0".
The issue is with the id parameter.
Following are different exploitation techniques: https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script> https://example.com/owa/?ae=Folder&t=IPF.Note&id= https://example.com/owa/?ae=Folder&t=IPF.Note&id=A
Whom to contact to get a CVE Identifier for this vulnerability.
Best Regards, Praveen Darshanam, Security Researcher, INDIA
Current thread:
- Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability praveen_recker (May 21)
- Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability Jabłoński , Paweł (May 25)
- <Possible follow-ups>
- Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability info (May 25)