CVE-2017-11317

This exploit targets Telerik UI for ASP.NET AJAX RadAsyncUpload, leveraging hardcoded encryption keys and insecure direct object references to achieve arbitrary file upload. It encrypts payloads using AES-CBC and includes HMAC validation for newer versions.

This repository contains a functional exploit for CVE-2019-18935, targeting Telerik Web UI for ASP.NET AJAX. The exploit leverages hardcoded encryption keys and insecure direct object references to achieve arbitrary file upload and .NET deserialization attacks.

This repository contains a functional exploit for CVE-2017-11317, an Insecure Direct Object Reference (IDOR) vulnerability in Telerik UI for ASP.NET AJAX. The exploit automates the discovery of encryption keys and crafts malicious requests to exploit the vulnerability.

The repository claims to cover CVE-2019-18935 (RCE via insecure deserialization) and CVE-2017-11317 (unrestricted file upload) but contains no exploit code, technical details, or proof-of-concept. The README is a placeholder with no substance.

This repository contains a scanner for detecting Telerik UI vulnerabilities, including CVE-2017-11317, with multiple test modes and customizable configurations. It does not include functional exploit code but provides detailed scanning capabilities.

This Metasploit module exploits CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI ASP.NET AJAX RadAsyncUpload. It uploads a malicious DLL via weak encryption (CVE-2017-11317) and triggers deserialization to achieve remote code execution.