H1-838196 — Vulnetix

H1-838196 PUBLISHED

Remote Code Execution via Insecure Deserialization in Telerik UI

Exploit Intelligence

Arbitrary code execution analysis based on Telerik-UI. This will be done so that the article can be read by others. The document provides an in-depth explanation of the various vectors involved with Telerik-UI for ASP.NET AJAX, as well as POST requests, the architecture of ASP.NET AJAX, (github-poc-repo)
0xr2r/CVE-2017-11317-auto-exploit- (github-poc-repo)
This project for CVE-2019-18935 (github-poc-repo)
TelerikUI Vulnerability Scanner (CVE-2019-18935) (github-poc-repo)
Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) (github-poc-repo)
[CVE-2019-18935] Telerik UI for ASP.NET AJAX (RadAsyncUpload Handler) .NET JSON Deserialization (github-poc-repo)
CVE-2019-18935 (github-poc-repo)
TelerikUI Vulnerability Scanner (CVE-2019-18935) (github-poc-repo)
0xAgun/CVE-2019-18935-checker (github-poc-repo)
RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. (github-poc-repo)

…and 38 more exploits

Timeline

May 7, 2020 CVE Published
May 7, 2020 PoC Published
May 17, 2020 PoC Published

References

Remote Code Execution via Insecure Deserialization in Telerik UI advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›