Outlook Web Access Attachment Access

2010-02-04T00:00:00
ID PACKETSTORM:85931
Type packetstorm
Reporter Ricardo Martins
Modified 2010-02-04T00:00:00

Description

                                        
`This trick is mostly useful but can also be used for wrong purposes. Since it is so simple, it is probably already known to some people.  
  
If someone sends you a file through OWA but the file is blocked by a policy, this is what you can do:  
  
1- Install Firefox  
2- Access your email and attachment using the following URL pattern:  
  
http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename>  
  
E.g.:  
http://webmail.example.com/Exchange/myusername/Inbox/virus.EML/virus.zip  
  
The best way is to try the URLs in the following order:  
  
1- http://<hostname>/<OWA directory>/<mail box username>/Inbox – you see all your emails  
2- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML – you see only your email with the blocked files  
3- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename> – you download the file  
  
The actual address could be different for a couple of reasons. Check the attachment URL and use it as shown above.  
  
This can also be exploited through a malicious email with a link inside pointing to the malware directly.  
  
Server environment: Exchange/ OWA 2003 6.5.76*  
Client environment: Firefox 3.0.15  
  
Ricardo Martins  
CISA, ISO 27001/20000 LA  
Compliance & Consulting Manager  
  
`
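
For defenders, one way to spot the direct-URL access described above in the OWA server's IIS W3C logs. This is an added example, not part of the original advisory; the blocked-extension list, the logged field set and the sample log lines are constructed assumptions to adapt to the local policy and logging configuration.

```python
import re

# Assumption: extensions the local OWA attachment policy blocks.
BLOCKED_EXT = {"zip", "exe", "bat", "cmd", "vbs", "js", "scr"}

# /<OWA directory>/<mailbox>/<folder path>/<subject>.EML/<attachment filename>
ATTACH_RE = re.compile(
    r"^/(?P<owa>[^/]+)/(?P<mailbox>[^/]+)/(?P<folder>.+)"
    r"/(?P<item>[^/]+\.eml)/(?P<attachment>[^/]+)$", re.IGNORECASE)

def find_direct_attachment_fetches(log_lines):
    """Return GET requests whose URI follows the advisory's attachment pattern."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):        # W3C header names the columns
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        m = ATTACH_RE.match(rec.get("cs-uri-stem", ""))
        if not m or rec.get("cs-method") != "GET":
            continue
        name = m.group("attachment")
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        hits.append({
            "time": f'{rec.get("date")} {rec.get("time")}',
            "client": rec.get("c-ip"),
            "user": rec.get("cs-username"),
            "mailbox": m.group("mailbox"),
            "attachment": name,
            "blocked_type": ext in BLOCKED_EXT,      # policy should have stopped this
            "served": rec.get("sc-status") == "200", # server actually returned it
        })
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2010-02-04 10:01:02 GET /Exchange/myusername/Inbox - EXAMPLE\\myusername 192.0.2.10 200
2010-02-04 10:01:09 GET /Exchange/myusername/Inbox/virus.EML - EXAMPLE\\myusername 192.0.2.10 200
2010-02-04 10:01:15 GET /Exchange/myusername/Inbox/virus.EML/virus.zip - EXAMPLE\\myusername 192.0.2.10 200
2010-02-04 10:05:40 GET /Exchange/myusername/Inbox/Q1+report.EML/notes.txt - EXAMPLE\\myusername 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_direct_attachment_fetches(SAMPLE_LOG):
        print(hit)
```

Entries with both `blocked_type` and `served` set are the ones to review first: a blocked file type was returned with status 200 despite the attachment policy.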