0x1 CVE-2021-26855

March 15, 2021

# Exploit Title: ExProlog-CVE-2021-26855 (SSRF to RCE)
# Date: 2021-03-15
# Exploit Author: vulncode <vulncode@protonmail.com>
# Vendor Homepage: https://www.microsoft.com
# Software Link: https://www.microsoft.com
# CVE : CVE-2021-26855 (CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Description

ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.

Reference: ProxyLogon

Exploit

– GitHub