Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-18935 PoC — Progress Telerik UI for ASP.NET AJAX 代码问题漏洞

Source
https://github.com/dust-life/CVE-2019-18935-memShell
Associated Vulnerability
Title:Progress Telerik UI for ASP.NET AJAX 代码问题漏洞 (CVE-2019-18935)
Description:Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Readme
# CVE-2019-18935-memShell
source [CVE-2019-18935-Memshell](https://mp.weixin.qq.com/s/DCn6zknFWShefAzmFa0zQA)

## Compile

```
csc /target:module empty.cs
cl /c memShell.cpp
link /DLL /LTCG /CLRIMAGETYPE:IJW /out:memShell.dll memShell.obj empty.netmodule
```
File Snapshot

 [4.0K]  /data/pocs/51285ef6d986b380ac3b2c1b53a8357b932db0fb
├── [  15]  empty.cs
├── [3.0K]  memShell.cpp
└── [ 259]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →