CVE-2017-9248 PoC — ASP.NET AJAX和Sitefinity Progress Telerik UI 安全漏洞

Source

https://github.com/cehamod/UI_CVE-2017-9248

Associated Vulnerability

Title:ASP.NET AJAX和Sitefinity Progress Telerik UI 安全漏洞 (CVE-2017-9248)
Description:ASP.NET AJAX是一个用于ASP.NET的控件；Sitefinity是一个开源的用于构建企业网站以及企业内部网络的平台。Progress Telerik UI是美国Telerik公司开发的一个用于处理AJAX的ASP.NET控件的UI（用户界面）。 ASP.NET AJAX R2 2017 SP1之前的版本和Sitefinity 10.0.6412.0之前的版本中的Progress Telerik UI的Telerik.Web.UI.dll存在安全漏洞，该漏洞源于程序没有正确的保护Telerik.

Description

Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)

Readme

# UI_CVE-2017-9248
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)

File Snapshot


 [4.0K]  /data/pocs/b2bc3703fc5a0dd11a1faed84f22f779df4792cf
├── [ 17K]  dp_crypto.py
├── [4.0K]  images
│   ├── [ 91K]  key-link2_screenshot.png
│   ├── [144K]  key-link_screenshot.png
│   ├── [ 65K]  upload2_screenshot.png
│   └── [ 60K]  upload_screenshot.png
├── [ 11K]  LICENSE
└── [ 121]  README.md

1 directory, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!