Skip to content
Nuclei Templates

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

ID: CVE-2008-1547

Severity: medium

Author: ctflearner

Tags: cve2008,cve,redirect,owa,exchange,microsoft

Description

Section titled “Description”

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2008-1547


info:
  name: Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
  impact: |
    An attacker can exploit this vulnerability to trick users into visiting malicious websites, leading to potential phishing attacks.
  remediation: |
    Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2008-1547
    - https://www.exploit-db.com/exploits/32489
    - http://securityreason.com/securityalert/4441
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/46061
    - https://github.com/tr3ss/newclei
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2008-1547
    cwe-id: CWE-601
    epss-score: 0.03875
    epss-percentile: 0.9108
    cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: microsoft
    product: exchange_server
    shodan-query:
      - http.title:"Outlook"
      - http.favicon.hash:1768726119
      - http.title:"outlook"
      - cpe:"cpe:2.3:a:microsoft:exchange_server"
    fofa-query:
      - title="outlook"
      - icon_hash=1768726119
    google-query: intitle:"outlook"
  tags: cve2008,cve,redirect,owa,exchange,microsoft


http:
  - method: GET
    path:
      - "{{BaseURL}}/exchweb/bin/redir.asp?URL=https://interact.sh"
      - "{{BaseURL}}/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttps%3A%2F%2Finteract.sh&reason=0"


    stop-at-first-match: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 490a00463044022045ba34a1c0d8ff714d084b5ca3b820694483e6bc3b4cc7c95816fb1b91b2036602202a994e6879669ce8e55c4c027ad22f39f2bf6592be0afe58a66a58224d7499aa:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2008/CVE-2008-1547.yaml"

View on Github