CVE-2017-9248

This exploit targets a cryptographic weakness in Telerik UI for ASP.NET AJAX (CVE-2017-9248) by brute-forcing the encryption key used in the DialogHandler component. It leverages a padding oracle attack to decrypt or encrypt data, potentially leading to unauthorized access or data manipulation.

This repository contains a Python-based exploit for CVE-2017-9248, which targets a weak encryption implementation in Telerik UI for ASP.NET AJAX. The exploit brute-forces the dialog handler key and generates an encrypted URL to access a file manager, potentially allowing arbitrary file uploads.

This is a Burp Suite extension designed to detect and exploit CVE-2017-9248, a cryptographic weakness in Telerik Web UI. It includes functionality to bruteforce encryption keys and identify vulnerable versions during passive scans.

This repository contains a Python-based exploit for CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler. The tool recovers the encryption key via error message analysis and enables arbitrary file uploads, leading to remote code execution.

This repository contains a Python-based scanner for detecting CVE-2017-9248, a cryptographic vulnerability in Telerik UI components. It supports bulk scanning, multi-threading, and detailed reporting in CSV/JSON formats.

This repository contains a Python-based exploit for CVE-2017-9248, targeting a cryptographic vulnerability in Telerik UI for ASP.NET AJAX. The exploit leverages a base64-based encryption oracle to brute-force the encryption key used by the application.

This is a Python-based exploit for CVE-2017-9248, targeting a cryptographic flaw in Telerik.Web.UI.dll. It brute-forces the encryption key used in the vulnerable component by analyzing responses to crafted requests.

This exploit PoC targets CVE-2017-9248, a vulnerability in Telerik UI for ASP.NET AJAX. It uses a brute-force approach to decrypt a key by leveraging error messages from the server, allowing an attacker to bypass authentication or execute arbitrary code.

The repository contains a Python library for detecting the use of known or weak cryptographic secrets across various platforms, including ASP.NET, Django, Flask, and others. It does not include exploit code but provides modules to identify vulnerabilities related to weak secrets.