Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-9248 PoC — ASP.NET AJAX和Sitefinity Progress Telerik UI 安全漏洞

Source
https://github.com/cehamod/UI_CVE-2017-9248
Associated Vulnerability
Title:ASP.NET AJAX和Sitefinity Progress Telerik UI 安全漏洞 (CVE-2017-9248)
Description:Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Description
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
Readme
# UI_CVE-2017-9248
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
File Snapshot

 [4.0K]  /data/pocs/b2bc3703fc5a0dd11a1faed84f22f779df4792cf
├── [ 17K]  dp_crypto.py
├── [4.0K]  images
│   ├── [ 91K]  key-link2_screenshot.png
│   ├── [144K]  key-link_screenshot.png
│   ├── [ 65K]  upload2_screenshot.png
│   └── [ 60K]  upload_screenshot.png
├── [ 11K]  LICENSE
└── [ 121]  README.md

1 directory, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →