CVE-2017-9248 PoC — ASP.NET AJAX and Sitefinity Progress Telerik UI Security Vulnerability

Source
Associated Vulnerability
Title: ASP.NET AJAX and Sitefinity Progress Telerik UI Security Vulnerability (CVE-2017-9248)
Description:Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Description
Telerik CVE-2017-9248 Vulnerability Scanner
Readme
# Telerik CVE-2017-9248 Vulnerability Scanner

A Python scanner that discovers Telerik endpoints and tests them for the CVE-2017-9248 cryptographic vulnerability.

## Features

- **Quick & Discovery Modes**: Single path testing or comprehensive discovery (50+ paths)
- **Multi-threaded**: Fast concurrent endpoint enumeration
- **Version Detection**: Identifies specific Telerik versions
- **Proxy Support**: Works with Burp Suite and other tools

## Installation
```
git clone https://github.com/yourusername/telerik-scanner.git
cd telerik-scanner
pip install requests
```
## Usage

### Quick Mode (Default)
```
python telerik_scanner.py -u https://target.com
```

### Custom Path
```
python telerik_scanner.py -u https://target.com --path /admin/Telerik.Web.UI.DialogHandler.aspx
```

### Discovery Mode
```
python telerik_scanner.py -u https://target.com -d
```

### With Proxy
```
python telerik_scanner.py -u https://target.com -d -p 127.0.0.1:8080
```

## Arguments

| Flag | Description | Default |
|------|-------------|---------|
| `-u, --url` | Target URL (required) | - |
| `-d, --discover` | Enable path discovery | False |
| `--path` | Specific path to test | `/Telerik.Web.UI.DialogHandler.aspx` |
| `-p, --proxy` | Proxy server | - |
| `-t, --threads` | Thread count | 10 |

## CVE-2017-9248 Details

- **CVSS**: 9.8 (Critical)
- **Affected**: Versions prior to 2017.2.621
- **Impact**: Cryptographic compromise, file access, potential RCE

## Common Paths Tested
```
/Telerik.Web.UI.DialogHandler.aspx
/telerik/Telerik.Web.UI.DialogHandler.aspx
/admin/Telerik.Web.UI.DialogHandler.aspx
/cms/Telerik.Web.UI.DialogHandler.aspx
/Telerik.Web.UI.SpellCheckHandler.axd
/RadControls/
/aspnet_client/system_web/4_0_30319/RadControls/
```
## Example Output
```
[*] Testing specific path: https://target.com/Telerik.Web.UI.DialogHandler.aspx
[+] VULNERABLE TO CVE-2017-9248!
[+] Error message: Index was outside the bounds of the array.
[+] Detected version: 2016.2.504
```
## Remediation

1. Update to Telerik 2017.2.621+
2. Review access logs
3. Implement WAF rules
4. Remove unused components
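
For remediation step 2, a log-review example added here (not part of the scanner or the original README): it reads IIS W3C extended logs and flags clients that requested the handler files from the path list above under several locations, as a discovery sweep does, or in bulk. The log format, both thresholds and the sample lines are assumptions.

```python
from collections import defaultdict

# Handler file names from the "Common Paths Tested" list above.
HANDLERS = ("telerik.web.ui.dialoghandler.aspx", "telerik.web.ui.spellcheckhandler.axd")

def review(lines, min_paths=3, min_hits=20):
    """Flag clients that sweep handler locations or hit a handler in bulk.
    Input is IIS W3C extended log text; columns are read from "#Fields:".
    min_paths and min_hits are assumed starting thresholds, tune per site.
    """
    fields = []
    stats = defaultdict(lambda: {"hits": 0, "paths": set(), "found": set()})
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        cols = line.split()
        if line.startswith("#") or not fields or len(cols) != len(fields):
            continue  # directive, blank or malformed line
        row = dict(zip(fields, cols))
        path = row.get("cs-uri-stem", "").lower()
        if not path.endswith(HANDLERS):
            continue
        s = stats[row.get("c-ip", "?")]
        s["hits"] += 1
        s["paths"].add(path)
        if row.get("sc-status") != "404":
            s["found"].add(path)  # handler answered at this location
    report = {}
    for ip, s in stats.items():
        reasons = [name for name, hit in (
            ("path-sweep", len(s["paths"]) >= min_paths),
            ("high-volume", s["hits"] >= min_hits)) if hit]
        if reasons:
            report[ip] = {"reasons": reasons, "hits": s["hits"],
                          "found": sorted(s["found"])}
    return report

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE = ["#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status"] + [
    f"2024-01-01 10:00:0{i} GET {p}/Telerik.Web.UI.DialogHandler.aspx - 203.0.113.7 {c}"
    for i, (p, c) in enumerate([("", 200), ("/telerik", 404), ("/admin", 404), ("/cms", 404)])
] + [
    "2024-01-01 10:05:00 GET /Telerik.Web.UI.DialogHandler.aspx - 198.51.100.20 200",
    "2024-01-01 10:05:02 GET /default.aspx - 198.51.100.20 200",
]

if __name__ == "__main__":
    print(review(SAMPLE))
```

Paths listed under `found` answered with something other than 404, so those are the handler locations to patch or remove first.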

## Disclaimer

For authorized testing only. Users are responsible for obtaining proper authorization.

## References

- [CVE-2017-9248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9248)
- [Original Research](https://github.com/bao7uo/dp_crypto)
File Snapshot

```
[4.0K] /data/pocs/b74c0d0275206bbf282cd5db89538bcb30bbacfe
├── [2.3K] README.md
└── [ 16K] telerik_scanner.py

0 directories, 2 files
```