Share
I. VULNERABILITY  
-------------------------  
Microsoft Skype for Business External Service Interaction (DNS)  
Latest Version  
  
II. CVE REFERENCE  
-------------------------  
Not Assigned Yet  
  
III. VENDOR  
-------------------------  
https://www.microsoft.com  
  
IV. TIMELINE  
-------------------------  
28/11/2019 Vulnerability discovered  
03/12/2019 Vendor contacted  
04/12/2019 Microsoft replay that โ€œWe determined that this behavior is  
considered to be by design.โ€  
  
V. CREDIT  
-------------------------  
Alphan Yavas from Biznet Bilisim A.S.  
  
VI. DESCRIPTION  
-------------------------  
Microsoft Skype for Business latest versions affected from external  
service interaction(DNS) vulnerability. A remote attacker could force  
the vulnerable server to send DNS request to any remote server  
attacker wants.  
  
VII. PROOF OF CONCEPT  
-------------------------  
Affected Component:  
Path(inurl): /Dialin/Conference.aspx  
Parameter: Username  
  
Login page of Skype for Business affected from external service  
interaction (DNS) vulnerability. If username is being sent with  
following format victim server will send out DNS queries to xxx  
domain. (xxx is the domain which you want to send request from  
server)  
  
username: ssrf.xxx.com\pentest  
password: (doesn't matter)  
  
Reference: https://portswigger.net/kb/issues/00300200_external-service-interaction-dns