Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
757
VMScore

CVE-2017-11317

Published: 23/08/2017 Updated: 20/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 757
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ui For Asp.net Ajax

Vulnerability Summary

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote malicious users to perform arbitrary file uploads or execute arbitrary code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

telerik ui for asp.net ajax 2017.2.503

telerik ui for asp.net ajax 2017.2.621

telerik ui for asp.net ajax

Exploits

Exploit DB: Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
# Exploit Title: Telerik UI for ASPNET AJAX RadAsyncUpload uploader # Filename: RAU_cryptopy # Github: githubcom/bao7uo/RAU_crypto # Date: 2018-01-23 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: wwwforegenixcom/blog # Version: Telerik UI for ASPNET AJAX # CVE: CVE-2017-11317, CVE-2017-11357 # Vendor Advisory: htt ...
Exploit DB: Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
This Metasploit module exploits the NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASPNET AJAX that is identified as CVE-2019-18935 In order to do so the module must upload a mixed mode NET assembly DLL which is then loaded through the deserialization flaw Uploading the file requires knowledge of the ...

Github Repositories

https://github.com/KasunPriyashan/Telerik-UI-ASP.NET-AJAX-Exploitation

Unrestricted File Upload by Weak Encryption affected versions (CVE-2017-11317) 2. Remote Code Execution by Insecure Deserialization - (CVE-2019-18935)

Telerik-UI-ASPNET-AJAX-Exploitation Unrestricted File Upload by Weak Encryption affected versions (CVE-2017-11317) 2 Remote Code Execution by Insecure Deserialization - (CVE-2019-18935)

https://github.com/mcgyver5/scrap_telerik

This script uses scrapy to search for Telerikwebui installations on our network and report on the version with the goal of detecting CVE-2019-18935 CVE-2017-11317 CVE-2014-2217

https://github.com/vinhjaxt/telerik-rau

Telerik Web UI Unrestricted File Upload (CVE-2017-11317) + Telerik Web UI RadAsyncUpload Deserialization githubcom/michael101096/cs2020_msels/tree/master/scripts/cves/telerik_cve-2019-18935 Telerik version: 20162504 Target target Proxy 127001:8080 Command githubcom/bao7uo/MixedUp curl -OL githubcom/bao7uo/RAU_crypto/blob/master/RAU

https://github.com/SABUNMANDICYBERTEAM/telerik

dp_crypto Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASPNET AJAX dialog handler) Published on exploit-db wwwexploit-dbcom/exploits/43873/ See also My other Telerik UI exploit (for CVE-2017-11317 and CVE-2017-11357) will probably also be of interest It is available here: githubcom/SABUNMANDICYBERTEAM/ Overview This exploit

https://github.com/bao7uo/RAU_crypto

Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)

RAU_crypto Combined exploit for Telerik UI for ASPNET AJAX File upload for CVE-2017-11317 and CVE-2017-11357 - will automatically upload the file NET deserialisation for CVE-2019-18935 Now supports testing for the target's ability to pull in remote payloads from an attacker-hosted SMB service Use Burp Collaborator and/or Responder to facilitate testing whether the n

https://github.com/ThanHuuTuan/CVE_2019_18935

This project for CVE-2019-18935

RAU_crypto Combined exploit for Telerik UI for ASPNET AJAX File upload for CVE-2017-11317 and CVE-2017-11357 - will automatically upload the file NET deserialisation for CVE-2019-18935 For exploitation to work, you generally need a version with hard coded keys, or you need to know the key, for example if you can disclose the contents of webconfig The exploit also allows

https://github.com/bao7uo/dp_crypto

Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)

dp_crypto Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASPNET AJAX dialog handler) Published on exploit-db Update 2020 - Please note that the version on exploit-db is now very out of date compared to the latest version here on GitHub wwwexploit-dbcom/exploits/43873/ See also My other Telerik UI exploit (for CVE-2017-11317 and CVE-2017-

References

CWE-326http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadhttps://www.exploit-db.com/exploits/43874/https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/43874/https://github.com/KasunPriyashan/Telerik-UI-ASP.NET-AJAX-Exploitation
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook