CVE 2018 8581 template

PR Information

/claim #14576

Added CVE-2018-8581 - Microsoft Exchange Server SSRF Privilege Escalation
This template detects a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server’s EWS PushSubscription API that can be exploited for privilege escalation to Domain Admin via NTLM relay attacks.
This is a KEV (Known Exploited Vulnerability) with active exploitation in the wild.
References:

Template validation

Validated with a host running a vulnerable version and/or configuration (True Positive)
Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

Template Detection Method:

Uses EWS PushSubscription SOAP API to trigger SSRF
Validates vulnerability via OOB (out-of-band) HTTP interaction using interactsh
Requires authentication (username/password variables)
Not relying solely on version-based detection - proves exploitability

Shodan Query: cpe:"cpe:2.3:a:microsoft:exchange_server"

FOFA Query: app="Microsoft-Exchange"

Testing Command:

nuclei -t http/cves/2018/CVE-2018-8581.yaml -target [https://exchange.example.com](https://exchange.example.com) -var username=user@domain.com -var password=P@ssw0rd -debug

### Additional References:

- [Nuclei Template Creation Guideline](https://docs.projectdiscovery.io/templates/introduction)
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/CONTRIBUTING.md)
- [PD-Community Discord server](https://discord.gg/projectdiscovery)

PR Information

Template validation

Additional Details (leave it blank if not applicable)

Claim

Contributors

Sponsors