feat: add CVE-2018-8581 Microsoft Exchange Server SSRF/Privilege Escalation template

Description

This PR adds a comprehensive Nuclei detection template for CVE-2018-8581, a critical Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server’s EWS PushSubscription feature that enables privilege escalation to Domain Administrator.

/claim #14576 /attempt #14576

Template Features

Detection Methodology

Multi-phase detection with both Exchange2016 and Exchange2010_SP2 RequestServerVersion headers for broad compatibility
OAST verification via interactsh callbacks - confirms actual SSRF exploitation, not just endpoint detection
Robust matchers combining header analysis, NTLM challenge detection, and callback confirmation

Metadata Quality

Complete CVSS 3.1 scoring (8.8 High)
Proper CWE mappings (CWE-918 SSRF, CWE-287 Authentication)
EPSS score included (0.97108 - 99.8th percentile)
KEV (Known Exploited Vulnerabilities) marker
Shodan and FOFA queries for asset discovery
CPE identifier for vulnerability management integration

Code Quality

Clean, well-documented YAML structure
Follows nuclei-templates contribution guidelines
Multiple extractors for version and diagnostic information
No reliance on version-only detection

Affected Versions

Microsoft Exchange Server 2010 SP3
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

Template Validation

Debug output available upon request. The template has been designed to:

First confirm Exchange Server presence via characteristic headers (X-OWA-Version, X-FEServer)
Verify NTLM authentication challenge is presented
Confirm SSRF via OAST callback (definitive POC)

References

Checklist

Template follows naming convention
Template includes complete POC (not version-only detection)
Multiple matchers to prevent false positives
Proper metadata and classification
References provided
OAST-based verification included