CVE-2017-17736 PoC — Kentico 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-17736.yaml

Associated Vulnerability

Title:Kentico 安全漏洞 (CVE-2017-17736)
Description:Kentico是美国Kentico软件公司的一套基于ASP.NET的内容管理系统（CMS）。该系统主要由两大工具组成：Kentico CMS Desk是用于编辑网页中的内容；Kentico CMS Controls是用于编辑和控制网页中各种元素。 Kentico 9.0.51之前的9.0版本和10.0.48之前的10.0版本中存在安全漏洞。远程攻击者可通过访问CMSInstall/install.aspx文件并导航到CMS Administration Dashboard上利用该漏洞获取全局管理员访问权限

Description

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.

File Snapshot


 id: CVE-2017-17736

info:
  name: Kentico - Installer Privilege Escalation
  author: shiar
  severit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!