Reporter Ricardo Martins
`This trick is mostly useful but can also be used for wrong purposes. Since it is so simple, it’s probably already known for some people.
If someone sends you a file through OWA but the file is blocked by a policy, this is what you can do:
2-Access your email and attachment with the following rule:
http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename>
The best way is to try in following order:
1- http://<hostname>/<OWA directory>/<mail box username>/Inbox – you see all your emails
2- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML – you see only your email with the blocked files
3- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename> – you download the file
The actual address could be different for a couple of reasons. Try to check the attachment URL and use it like shown above.
This can also be exploited through a malicious email with a link inside pointing to the malware directly.
Server environment: Exchange/ OWA 2003 6.5.76*
Client environment: firefox 3.0.15
CISA, ISO 27001/20000 LA
Compliance & Consulting Manager
Tel: +351 210 111 616 Fax: +351 210 111 618 www.cso.pt email@example.com
Chief Security Officers, SA.
Edificio Infante D. Henrique
Rua João Chagas, 53 - 1º Esq.
empresa do grupo
Art of Knowledge
Pense no Ambiente antes de imprimir / Consider the Environment before printing