关联漏洞
标题:Microsoft .NET Framework 安全漏洞 (CVE-2017-8759)Description:Microsoft .NET Framework是美国微软(Microsoft)公司开发的一种全面且一致的编程模型,也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库。 Microsoft .NET Framework中存在远程代码执行漏洞。远程攻击者可借助恶意的文档或引用程序利用该漏洞执行代码。以下版本受到影响
Description
CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
介绍
CVE-2017-8759 Weaponisation PoC
===============================
This repository contains data that can be used to weaponise the CVE-2017-8759 vulnerability.
For full information visit https://www.mdsec.co.uk/blog/ to find the post related to this vulnerability.
As always, my research is aimed to help the community become more aware of rising threats as well as the adversary simulation community to better simulate realistic threats against our client base in order to better educate and inform them. My research should not be used against a target without prior consent.
Video for weaponisation can be found at https://www.youtube.com/watch?v=hlkx5uYBT1Y
Credits
=======
Credits to myself, Vincent Yiu @vysecurity for the weaponisation in RTF form with no interaction required.
Credits to @voulnet for the exploit.txt.
文件快照
[4.0K] /data/pocs/70433fbc95b2361fb26f6578027669de01bc8b51
├── [2.5K] blob.bin
├── [1.2K] exploit.txt
└── [ 843] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。