How I find Microsoft sever RCE issues they fixed but didn’t pay any bounty
ProxyShell is an attack chain that exploits three known vulnerabilities in Microsoft Exchange: CVE-2021–34473, CVE-2021–34523 and CVE-2021–31207. By exploiting these vulnerabilities, attackers can perform remote code execution.
Hi bug hunters you often see that who got $$$$ money from MSRC , but I want to tell you a nagtive story me and MSRC, you can decide if you can trust MSRC.
One day I just check Microsoft Exchange issues with Shodan platform, one IP just came to my eyes , there is “msft” in the banner information, OH! MSFT that is the shorter of the stock of Microsoft.
It is “msftonlinelab.com”
I check this domain with Whois ,Oh you can see this owner is Microsoft.
You see This IP/Domain has the Proxyshell vulnerability
OK we try this IP/domain with Metasploit
Boom!!!
Let’s enum more sbudomains with “msftonlinelab.com”
I got four more subdomains have Proxyshell vulnerability
qaehtesh01.msftonlinelab.com(101.230.250.248)
sylviazhang.msftonlinelab.com (101.230.224.229)
mail2.hulili.msftonlinelab.com (101.230.224.161)
zhiyintang.msftonlinelab.com (101.230.250.172)
Most we can check the vulnerability history with Shodan
Blow is all my record for the reports
I report these issues to MSRC soon
But sadly after about 1 month they fixed all issues but I got negative messages, they said all issues are : Out of scope, a moderate severity issue?
