admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 01:40:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

add Progress_Telerik_UI_for_ASP_NET_AJAX_Deserialization_CVE_2019_18935

Browse Source
This commit is contained in:
gaopeng2 2021-07-17 16:18:08 +08:00
parent 971289f1e9
commit fefcfe89ef
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Telerik-UI/CVE-2019-18935/Progress_Telerik_UI_for_ASP_NET_AJAX_Deserialization_CVE_2019_18935.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.4 MiB

9
Telerik-UI/CVE-2019-18935/REMAD.md Normal file
View File

@ -0,0 +1,9 @@
# Progress Telerik UI for ASP.NET AJAX Deserialization (CVE-2019-18935)
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
**FOFA query rule**: [app="Progress-Telerik-Sitefinity"](https://fofa.so/result?qbase64=YXBwPSJQcm9ncmVzcy1UZWxlcmlrLVNpdGVmaW5pdHki)
# Demo
![](Progress_Telerik_UI_for_ASP_NET_AJAX_Deserialization_CVE_2019_18935.gif)