CVE-2019-18935

Related Files

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

Posted Oct 20, 2020

Authored by Spencer McIntyre, Oleksandr Mirosh, Markus Wulftange, Alvaro Munoz, Paul Taylor, Caleb Gross, straightblast | Site metasploit.com

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).

tags | exploit, asp

advisories | CVE-2017-11317, CVE-2019-18935

SHA-256 | 2f6a8f760339d2c83d483651740d009b85c87d1a8e03ca388c1ef83409e65051

Download | Favorite | View

Telerik UI Remote Code Execution

Posted Dec 18, 2019

Authored by Markus Wulftange, Paul Taylor, Bishop Fox | Site know.bishopfox.com

The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.

tags | exploit, remote, arbitrary, code execution, asp

advisories | CVE-2019-18935

SHA-256 | 4aab62684a4cdf73f2ac375b58ade0ea344753c8d22b1fdf5f8a4e944c3eee54

Download | Favorite | View