Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability

Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks.
OWA 6.5 SP 2 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 31765
Class: Input Validation Error
CVE: CVE-2008-1547

Remote: Yes
Local: No
Published: Oct 15 2008 12:00AM
Updated: Jun 05 2019 11:00AM
Credit: Martin Suess
Vulnerable: Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003

Not Vulnerable: Microsoft Exchange Server 2007 SP 1

Exploit

An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.
The following example URIs are available:
https://webmail.example.com/exchweb/bin/redir.asp?URL=http://www.example2.com
https://webmail.example.com/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0

References:

Exchange Server Home Page (Microsoft)
MS OWA 2003 Redirection Vulnerability (Martin Suess )
Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] (Davide Del Vecchio )
Re: Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] ("Giuseppe Gottardi" )

Source: www.securityfocus.com

Exploit Collector

Search Exploit