cve/2019/CVE-2019-18935.md

2024-05-26 14:27:05 +02:00
### [CVE-2019-18935](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18935)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
### POC
#### Reference
- http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
- https://github.com/noperator/CVE-2019-18935
- https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
#### Github
- https://github.com/0e0w/LearnPython
- https://github.com/0xAgun/CVE-2019-18935-checker
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xT11/CVE-POC
- https://github.com/1amUnvalid/Telerik-UI-Exploit
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Amar224/Pentest-Tools
- https://github.com/AnonVulc/Pentest-Tools
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/H1CH444MREB0RN/PenTest-free-tools
- https://github.com/HimmelAward/Goby_POC
- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools
- https://github.com/JERRY123S/all-poc
- https://github.com/KasunPriyashan/Telerik-UI-ASP.NET-AJAX-Exploitation
- https://github.com/Mehedi-Babu/pentest_tools_repo
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RodricBr/OffSec-MISC
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet
- https://github.com/ThanHuuTuan/CVE_2019_18935
- https://github.com/ThanHuuTuan/Telerik_CVE-2019-18935
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/Z0fhack/Goby_POC
- https://github.com/aalexpereira/pipelines-tricks
- https://github.com/ahpaleus/ahp_cheatsheet
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/appliedi/Telerik_CVE-2019-18935
- https://github.com/bao7uo/RAU_crypto
- https://github.com/becrevex/Telerik_CVE-2019-18935
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dust-life/CVE-2019-18935-memShell
- https://github.com/elinakrmova/RedTeam-Tools
- https://github.com/emtee40/win-pentest-tools
- https://github.com/f0ur0four/Insecure-Deserialization
- https://github.com/ghostr00tt/test
- https://github.com/hack-parthsharma/Pentest-Tools
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jbmihoub/all-poc
- https://github.com/kdandy/pentest_tools
- https://github.com/lnick2023/nicenice
- https://github.com/luuquy/DecryptRawdata_CVE_2019_18935
- https://github.com/mandiant/heyserial
- https://github.com/mcgyver5/scrap_telerik
- https://github.com/merlinepedra/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools-1
- https://github.com/murataydemir/CVE-2019-18935
- https://github.com/nitishbadole/Pentest_Tools
- https://github.com/pathakabhi24/Pentest-Tools
- https://github.com/pjgmonteiro/Pentest-tools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/random-robbie/CVE-2019-18935
- https://github.com/retr0-13/Pentest-Tools
- https://github.com/rishaldwivedi/Public_Disclosure
- https://github.com/severnake/Pentest-Tools
- https://github.com/theyoge/AD-Pentesting-Tools
- https://github.com/vinhjaxt/telerik-rau
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456