H1-1119228

Exploit Intelligence

• [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
• Microsoft Exchange CVE-2021-26855&CVE-2021-27065 (github-poc-repo)
• ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell) (github-poc-repo)
• cve-2019-11510, cve-2019-19781, cve-2020-5902,               cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021-26855, cve-2021-26857, cve-2021–26857, cve-2021–26858, cve-2021–26865 (github-poc-repo)
• ShyTangerine/cve-2021-26855 (github-poc-repo)
• CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. (github-poc-repo)
• CVE-2021-26855: PoC (Not a HoneyPoC for once!) (github-poc-repo)
• glen-pearson/ProxyLogon-CVE-2021-26855 (github-poc-repo)
• Wercd/CVE-2021-26855 (github-poc-repo)
• An advanced exploit for Microsoft Exchange Server (CVE-2021-26855, CVE-2021-27065) enhanced with Convergent Time Theory principles, achieving near-perfect theoretical rating through quantum temporal resonance and α-dispersion techniques. (github-poc-repo)

…and 65 more exploits

Timeline

• Mar 24, 2021 CVE Published
• Mar 24, 2021 PoC Published
• Sep 11, 2024 PoC Published

References

• CVE-2021-26855 on ████████ resulting in SSRF advisory