admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-18935.md
0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37
2024-06-22 09:37:59 +00:00

89 lines
4.3 KiB
Markdown
Raw Blame History

### [CVE-2019-18935](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18935)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
### POC
#### Reference
- http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
- https://github.com/noperator/CVE-2019-18935
- https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
#### Github
- https://github.com/0e0w/LearnPython
- https://github.com/0xAgun/CVE-2019-18935-checker
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xT11/CVE-POC
- https://github.com/1amUnvalid/Telerik-UI-Exploit
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Amar224/Pentest-Tools
- https://github.com/AnonVulc/Pentest-Tools
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/H1CH444MREB0RN/PenTest-free-tools
- https://github.com/HimmelAward/Goby_POC
- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools
- https://github.com/JERRY123S/all-poc
- https://github.com/KasunPriyashan/Telerik-UI-ASP.NET-AJAX-Exploitation
- https://github.com/Mehedi-Babu/pentest_tools_repo
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RodricBr/OffSec-MISC
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet
- https://github.com/ThanHuuTuan/CVE_2019_18935
- https://github.com/ThanHuuTuan/Telerik_CVE-2019-18935
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/Z0fhack/Goby_POC
- https://github.com/aalexpereira/pipelines-tricks
- https://github.com/ahpaleus/ahp_cheatsheet
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/appliedi/Telerik_CVE-2019-18935
- https://github.com/bao7uo/RAU_crypto
- https://github.com/becrevex/Telerik_CVE-2019-18935
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dust-life/CVE-2019-18935-memShell
- https://github.com/elinakrmova/RedTeam-Tools
- https://github.com/emtee40/win-pentest-tools
- https://github.com/f0ur0four/Insecure-Deserialization
- https://github.com/ghostr00tt/test
- https://github.com/hack-parthsharma/Pentest-Tools
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jbmihoub/all-poc
- https://github.com/kdandy/pentest_tools
- https://github.com/lnick2023/nicenice
- https://github.com/luuquy/DecryptRawdata_CVE_2019_18935
- https://github.com/mandiant/heyserial
- https://github.com/mcgyver5/scrap_telerik
- https://github.com/merlinepedra/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools-1
- https://github.com/murataydemir/CVE-2019-18935
- https://github.com/nitishbadole/Pentest_Tools
- https://github.com/noperator/CVE-2019-18935
- https://github.com/pathakabhi24/Pentest-Tools
- https://github.com/pjgmonteiro/Pentest-tools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/random-robbie/CVE-2019-18935
- https://github.com/retr0-13/Pentest-Tools
- https://github.com/rishaldwivedi/Public_Disclosure
- https://github.com/severnake/Pentest-Tools
- https://github.com/theyoge/AD-Pentesting-Tools
- https://github.com/vinhjaxt/telerik-rau
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
Reference in New Issue View Git Blame Copy Permalink