Outlook Web Access Attachment Access

Type packetstorm
Reporter Ricardo Martins
Modified 2010-02-04T00:00:00


                                            `This trick is mostly useful but can also be used for wrong purposes. Since it is so simple, it’s probably already known for some people.  
If someone sends you a file through OWA but the file is blocked by a policy, this is what you can do:  
1-Install firefox  
2-Access your email and attachment with the following rule:  
http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename>  
The best way is to try in following order:  
1- http://<hostname>/<OWA directory>/<mail box username>/Inbox – you see all your emails  
2- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML – you see only your email with the blocked files  
3- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename> – you download the file  
The actual address could be different for a couple of reasons. Try to check the attachment URL and use it like shown above.  
This can also be exploited through a malicious email with a link inside pointing to the malware directly.  
Server environment: Exchange/ OWA 2003 6.5.76*  
Client environment: firefox 3.0.15  
Ricardo Martins  
CISA, ISO 27001/20000 LA  
Compliance & Consulting Manager  
Tel: +351 210 111 616 Fax: +351 210 111 618 www.cso.pt info@cso.pt   
Chief Security Officers, SA.  
Edificio Infante D. Henrique  
Rua João Chagas, 53 - 1º Esq.  
1495-764 Dafundo  
empresa do grupo  
Art of Knowledge  
 Pense no Ambiente antes de imprimir / Consider the Environment before printing