Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-11317 PoC — Progress Telerik UI for ASP.NET AJAX 加密问题漏洞

Source
https://github.com/0xr2r/CVE-2017-11317-auto-exploit-
Associated Vulnerability
Title:Progress Telerik UI for ASP.NET AJAX 加密问题漏洞 (CVE-2017-11317)
Description:ASP.NET AJAX是一个用于ASP.NET的控件。Progress Telerik UI是美国Telerik公司开发的一个用于处理AJAX的ASP.NET控件的UI(用户界面)。 Progress Telerik UI for ASP.NET AJAX R1 2017之前的版本和R2 2017 SP2之前的R2版本中的Telerik.Web.UI存在安全漏洞,该漏洞源于程序使用较弱的RadAsyncUpload加密。远程攻击者可利用该漏洞上传任意文件或执行任意代码。
Readme
##Vulnerabilities##

(CVE-2017-11317) .

https://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference
File Snapshot

 [4.0K]  /data/pocs/ed6eb51ba38d783cc72c1eaf3edc6fba158b5145
├── [ 11K]  mass.py
└── [ 148]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.