Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery Vulnerability

ID 1337DAY-ID-28663
Type zdt
Reporter hyp3rlinx
Modified 2017-09-28T00:00:00


Exploit for php platform in category web applications

[+] Credits: John Page (aka hyp3rlinx)
[+] Website:
[+] Source:
[+] ISR: ApparitionSec
Product:
Trend Micro OfficeScan v11.0 and XG (12.0)*
OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks.
An integrated solution, OfficeScan consists of the OfficeScan agent program that resides at the endpoint and a server program that
manages all agents. The OfficeScan agent guards the endpoint and reports its security status to the server. The server, through the
web-based management console, makes it easy to set coordinated security policies and deploy updates to every agent.
Vulnerability Type:
Unauthorized Server Side Request Forgery
CVE Reference:
Security Issue:
Unauthorized attackers on the LAN who can reach the OfficeScan XG web application can make the server issue arbitrary HTTP requests
to external and internal hosts by abusing a Server Side Request Forgery flaw in the "help_Proxy.php" functionality. Because the
request originates from the OfficeScan server itself, it can reach services that are not exposed to the attacker directly.
python -m SimpleHTTPServer 8080
Serving HTTP on port 8080 ...
<REQUESTED-IP> - - [31/May/2017 12:21:41] "GET / HTTP/1.1" 200 -
help_proxy.php HTTP response:
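The root cause of an SSRF like the one above is a proxy endpoint that fetches whatever URL it is handed. The following is an added example, written for this advisory and not code from OfficeScan or from the author; it does not show how help_Proxy.php is implemented. It demonstrates how a help-proxy fetcher should constrain its targets: a name-based allow-list (ALLOWED_HOSTS, with docs.example.com as a placeholder host), a fixed scheme and port, rejection of literal IP addresses and URL-embedded credentials, and a check that the resolved addresses are not loopback, private, link-local (which covers cloud metadata endpoints such as 169.254.169.254) or otherwise non-global. The function names check_proxy_target, is_internal and default_resolve and the resolve hook are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical policy for a help-proxy endpoint: it may only fetch documentation
# from a fixed set of vendor hosts over HTTPS. The host name below is a
# placeholder chosen for this example, not a Trend Micro host.
ALLOWED_HOSTS = {"docs.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}


def is_internal(ip):
    """True if an address must never be reached on behalf of a remote user:
    loopback, RFC 1918 / ULA, link-local (including 169.254.0.0/16, where cloud
    metadata services live), multicast, reserved, unspecified, or anything the
    ipaddress module does not consider global."""
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or not ip.is_global)


def default_resolve(host):
    """Resolve a host name to the set of IP address strings it maps to right now."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_proxy_target(url, resolve=default_resolve):
    """Decide whether the proxy may fetch `url` for the caller.

    Returns (allowed, detail, addresses). On success `addresses` holds the
    resolved IPs the fetcher must connect to directly; re-resolving the name
    at connect time would reopen the check to DNS rebinding.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme, ()
    host = parts.hostname
    if not host:
        return False, "missing host", ()
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed", ()
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port", ()
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %r" % port, ()
    # A literal address would bypass the name-based allow-list, so refuse it outright.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        return False, "literal IP address not allowed", ()
    if host.rstrip(".") not in ALLOWED_HOSTS:
        return False, "host not in allow-list: %r" % host, ()
    # Resolve once, here, and judge every answer; an allow-listed name that
    # points at an internal address is still an SSRF pivot.
    try:
        addrs = resolve(host)
    except OSError as exc:
        return False, "name resolution failed: %s" % exc, ()
    if not addrs:
        return False, "name resolution returned no addresses", ()
    for addr in addrs:
        if is_internal(ipaddress.ip_address(addr)):
            return False, "host resolves to internal address %s" % addr, ()
    return True, "ok", tuple(sorted(addrs))


if __name__ == "__main__":
    # Offline demo: a stub resolver returning a public address, so no DNS is needed.
    stub = lambda host: {"93.184.216.34"}
    for candidate in ("https://docs.example.com/help/index.html",
                      "https://127.0.0.1/", "https://169.254.169.254/latest/meta-data/",
                      "https://user:pw@docs.example.com/", "https://intranet.example.com/"):
        print(candidate, "->", check_proxy_target(candidate, resolve=stub))
```

The fetcher that follows this check must connect to one of the returned addresses (sending the allow-listed name in the Host header and for TLS verification) and must not follow redirects without running the same check on each Location, since a redirect from an allowed host to an internal one is the usual way such a filter is bypassed.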

# [2018-01-02]  #