{"uuid": "96b18120-cc66-4f48-a2a1-b5dbcc7d23d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41082", "type": "exploited", "source": "https://t.me/arm1tage/385", "content": "\ud83d\udca3 ProxyNotShell PoC\n\nProxyNotShell this is a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability (CVE-2022-41040) and a second vulnerability that allows Remote Code Execution (CVE-2022-41082) when PowerShell is available on the Exchange Server.\n\nResearch:\nhttps://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend\n\nNmap Checker:\nhttps://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse\n\nPoC:\nhttps://github.com/testanull/ProxyNotShell-PoC\n\n#exchange #proxynotshell #ssrf #rce", "creation_timestamp": "2023-01-10T18:22:25.000000Z"}