Discover and read the best of Twitter Threads about #ProxyNotShell

Most recents (2)

🚨New #MicrosoftExchange #vulnerabilities were disclosed, including CVE-2022-41040 and CVE-2022-41082. Threat actors can easily exploit the new vulnerabilities, and bypass #ProxyNotShell URL rewrite mitigations, resulting in many companies facing further #ransomware #attacks.
An example of what such an exploit can do is shown in the picture below, where the #threat actor #FIN7 developed tailored systems to quickly discover and infiltrate the high-value targets by performing mass scans using #Microsoft #exchange #vulnerabilities.
Our PTI team has already observed activities involving recent vulnerabilities in the wild. Therefore, #PRODAFT recommends that companies fix the vulnerabilities as soon as possible to avoid serious consequences.
Read 4 tweets
I wrote a quick Nmap script to scan for servers potentially vulnerable to #ProxyNotShell (based on Microsoft's recommended URL blocking rule) I hope it can be useful for someone :)

[+] github.com/CronUp/Vulnera…

#0day CVE-2022-40140 CVE-2022-41082
Basically, it sends an SSRF-like request adding the string "Powershell" in the URI, if there is no block and the server returns the header "X-FEServer" with the server name, then it is potentially vulnerable.

Also in its mass scanning version ~
Updated script, added #ProxyShell validation and some error handling, thanks to @CesarSilence and @GossiTheDog for their ProxyShell checker template (I was missing the "redirect_ok=false") :D
Read 3 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!