Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-11317 PoC — Progress Telerik UI for ASP.NET AJAX 加密问题漏洞

Source
https://github.com/KasunPriyashan/Unrestricted-File-Upload-by-Weak-Encryption-affected-versions-CVE-2017-11317-Remote-Code-Execut
Associated Vulnerability
Title:Progress Telerik UI for ASP.NET AJAX 加密问题漏洞 (CVE-2017-11317)
Description:ASP.NET AJAX是一个用于ASP.NET的控件。Progress Telerik UI是美国Telerik公司开发的一个用于处理AJAX的ASP.NET控件的UI(用户界面)。 Progress Telerik UI for ASP.NET AJAX R1 2017之前的版本和R2 2017 SP2之前的R2版本中的Telerik.Web.UI存在安全漏洞,该漏洞源于程序使用较弱的RadAsyncUpload加密。远程攻击者可利用该漏洞上传任意文件或执行任意代码。
Description
Arbitrary code execution analysis based on Telerik-UI. This will be done so that the article can be read by others. The document provides an in-depth explanation of the various vectors involved with Telerik-UI for ASP.NET AJAX, as well as POST requests, the architecture of ASP.NET AJAX,
File Snapshot

 [4.0K]  /data/pocs/ea0d320d815787a8b9a4783b3511be22613b3eb6

0 directories, 0 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.