I. VULNERABILITY ------------------------- Microsoft Skype for Business External Service Interaction (DNS) Latest Version II. CVE REFERENCE ------------------------- Not Assigned Yet III. VENDOR ------------------------- https://www.microsoft.com IV. TIMELINE ------------------------- 28/11/2019 Vulnerability discovered 03/12/2019 Vendor contacted 04/12/2019 Microsoft replay that “We determined that this behavior is considered to be by design.” V. CREDIT ------------------------- Alphan Yavas from Biznet Bilisim A.S. VI. DESCRIPTION ------------------------- Microsoft Skype for Business latest versions affected from external service interaction(DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants. VII. PROOF OF CONCEPT ------------------------- Affected Component: Path(inurl): /Dialin/Conference.aspx Parameter: Username Login page of Skype for Business affected from external service interaction (DNS) vulnerability. If username is being sent with following format victim server will send out DNS queries to xxx domain. (xxx is the domain which you want to send request from server) username: ssrf.xxx.com\pentest password: (doesn't matter) Reference: https://portswigger.net/kb/issues/00300200_external-service-interaction-dns
