Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2019-18935 PoC — Progress Telerik UI for ASP.NET AJAX 代码问题漏洞

Source
https://github.com/menashe12346/CVE-2019-18935
Associated Vulnerability
Title:Progress Telerik UI for ASP.NET AJAX 代码问题漏洞 (CVE-2019-18935)
Description:Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Description
Exploit for CVE-2019-18935
Readme
# CVE-2019-18935 Exploit

Remote Code Execution exploit for Telerik UI ASP.NET AJAX through deserialization vulnerability.

## How to Run

### Step 1: Clone the Project
```bash
git clone https://github.com/menashe12346/CVE-2019-18935.git
cd CVE-2019-18935
```

### Step 2: In `CVE-2019-18935.py`, modify line 15:

```python
version = "2017.1.228"  # Replace with target server's Telerik version
```

### Step 3: Run the Exploit

```bash
python CVE-2019-18935.py <target_url> <shell_command>
# Example:
python CVE-2019-18935.py http://<HOST>/Telerik.Web.UI.WebResource.axd?type=rau "whoami"
```

🔧 **Building Custom DLL Files**

To create a DLL from a different C file (not just reverse shell):

Install Visual Studio (Desktop development with c++) with these components:

- MSVC v143 - VS 2022 C++ x64/x86 build tools
- Windows 11 SDK
- C++ CMake tools for Windows
- C++ AddressSanitizer

Build the DLL:

```bash
build-dll.bat your_file.c
```

The DLL will be created in the `payloads/` directory.

📋 **File Descriptions**

```
CVE-2019-18935_exploit/
├── CVE-2019-18935.py        # Main exploit code
├── RAU_crypto.py            # Telerik encryption/decryption module
├── build-dll.bat            # Script to build DLL files from C code
├── reverse_shell.c          # C source code for reverse shell
└── payloads/                # Directory for Compiled DLL payload files
```

---
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →