
CVE-2019-18935

Published: 11/12/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Progress Telerik UI for ASP.NET AJAX up to and including 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)


Vulnerable Product

telerik ui for asp.net ajax

Exploits

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so, the module must upload a mixed mode .NET assembly DLL, which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the ...

Github Repositories

CVE-2019-18935


Cheatsheet & Research notes for my own purpose.

Research notes for my private purposes :) Contents Burp Suite Professional Docker Ubuntu Web Applications Security XSS XXE LFI ESI SSTI Request Smuggling Hackvertor SQL Injection PHP ASPNET PDF Infrastructure Network Active Directory /dev/null Unix filesystem low-level IDA PRO Heap Exploitation Mobile iOS Android Kernel Exploitation Static Code Analysis Burp Suite

Unrestricted File Upload by Weak Encryption affected versions (CVE-2017-11317) 2. Remote Code Execution by Insecure Deserialization - (CVE-2019-18935)

Telerik-UI-ASPNET-AJAX-Exploitation Unrestricted File Upload by Weak Encryption affected versions (CVE-2017-11317) 2 Remote Code Execution by Insecure Deserialization - (CVE-2019-18935)

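Complete Collection of Python Learning Resources

LearnPython This project records some of the excellent content I have come across while learning Python, including excellent learning resources and excellent project code. Use Python as proficiently as possible and understand Python as deeply as possible. Life is short, I use Python! Author: 0e0w. For Python tutorials, see "Understanding Python in Depth in 365 Days". Life is short I use Python! This project was created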

Telerik UI Exploit

Telerik-UI-Exploit Telerik UI Exploit curl -sk 1072318613/TelerikWebUIWebResourceaxd?type=rau curl -sk Get the answer - { "message" : "RadAsyncUpload handler is registered successfully, however, it may not be accessed directly" } Get the version via GREP curl -skL 1072318613 | grep -oE '20[0-9]{2}([0-9]*)+' curl -skL

[CVE-2019-18935] Telerik UI for ASP.NET AJAX (RadAsyncUpload Handler) .NET JSON Deserialization

[CVE-2019-18935] Telerik UI for ASP.NET AJAX (RadAsyncUpload Handler) .NET JSON Deserialization Version List 20071423 20071521 20071626 20072918 200721010 200721107 200731218 200731314 200731425 20081415 20081515 20081619 20082723 20082826 200821001 200831105 200831125 200831314 20091311 20091402 20091527 20092701 20092826 200931103 200931208 2009313

This script uses scrapy to search for Telerikwebui installations on our network and report on the version with the goal of detecting CVE-2019-18935 CVE-2017-11317 CVE-2014-2217

Telerik Web UI Unrestricted File Upload (CVE-2017-11317) + Telerik Web UI RadAsyncUpload Deserialization github.com/michael101096/cs2020_msels/tree/master/scripts/cves/telerik_cve-2019-18935 Telerik version: 20162504 Target target Proxy 127.0.0.1:8080 Command github.com/bao7uo/MixedUp curl -OL github.com/bao7uo/RAU_crypto/blob/master/RAU

RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.

CVE-2019-18935 Proof-of-concept exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX allowing remote code execution. Description: Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications. It insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's


TelerikUI Vulnerability Scanner (CVE-2019-18935)

TelerikUI Python Scanner (telerik_rce_scan.py) Examples Assess an IP for CVE-2019-18935 $ python3 telerik_rce_scan.py -t 1921684421 Assess a hostname for CVE-2019-18935 $ python3 telerik_rce_scan.py -t vulnerableteleriknet Assess a CIDR network range for CVE-2019-18935 $ python3 telerik_rce_scan.py -r 2325340/24 Assess a list of targets $ python3 telerik_rce_scan.py -

Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)

RAU_crypto Combined exploit for Telerik UI for ASP.NET AJAX. File upload for CVE-2017-11317 and CVE-2017-11357 - will automatically upload the file. .NET deserialisation for CVE-2019-18935. Now supports testing for the target's ability to pull in remote payloads from an attacker-hosted SMB service. Use Burp Collaborator and/or Responder to facilitate testing whether the n

This project for CVE-2019-18935

RAU_crypto Combined exploit for Telerik UI for ASP.NET AJAX. File upload for CVE-2017-11317 and CVE-2017-11357 - will automatically upload the file. .NET deserialisation for CVE-2019-18935. For exploitation to work, you generally need a version with hard coded keys, or you need to know the key, for example if you can disclose the contents of web.config. The exploit also allows

Sharing POC's of latest discovery

Public_Disclosure Sharing POC's of latest discovery. Unauthenticated RCE in learnnowtelekomde/ Vulnerability – Insecure Deserialization Vulnerability. Vulnerability Description – Telerik UI for ASP.NET (Version - 201631018) was being used by the application. It suffers from a known vulnerability CVE-2019-18935 (Insecure Deserialization). Using basic fi

CVE-2019-18935-memShell source CVE-2019-18935-Memshell Compile csc /target:module emptycs cl /c memShellcpp link /DLL /LTCG /CLRIMAGETYPE:IJW /out:memShelldll memShellobj emptynetmodule


Recent Articles

Hands up who DIDN'T exploit this years-old flaw to ransack a US govt web server...
The Register

Why patching matters: Everyone seemingly had a crack at security bug

Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America's Multi-State Information Sharing and Analysis Center (MS-ISAC) this week. The Feds became aware of the intrusion after spott...

Guess what happened to this US agency using outdated software?
The Register

Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities

Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services (IIS) web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution? It turns out that this same gang of government-backed hackers used a different – and even older – Telerik flaw to break into another US federal agency's Microsoft IIS web server, a...