CVE-2019-0604

This exploit targets a deserialization vulnerability in SharePoint's Picker.aspx page, allowing remote command execution by crafting a malicious payload. The script serializes commands into a specific format and sends them to the target URL.

This PoC exploits CVE-2019-0604, a SharePoint deserialization vulnerability, by crafting a malicious payload using XAML and ObjectDataProvider to achieve remote code execution. The code demonstrates the encoding/decoding process for the exploit payload.

This is a functional exploit for CVE-2019-0604, a SharePoint RCE vulnerability. The script constructs a malicious payload to achieve remote code execution via a deserialization flaw in SharePoint's Picker.aspx endpoint.

This repository provides a GUI tool to generate custom payloads for CVE-2019-0604, a SharePoint RCE vulnerability. It allows users to create serialized XML payloads for command execution via deserialization.

This repository contains a weaponized exploit for CVE-2019-0604, a SharePoint RCE vulnerability. It includes functionality for command execution, file upload, and out-of-band data exfiltration via DNS or HTTP.

This repository contains Sigma rules for detecting potential exploitation of CVE-2019-0604, a SharePoint RCE vulnerability, by monitoring for suspicious child processes spawned by IIS worker processes. The rules are designed for Sysmon logs and are marked as experimental.

This PoC exploits CVE-2019-0604, a .NET deserialization vulnerability in SharePoint, by crafting a malicious payload using XAML and ObjectDataProvider to achieve remote code execution. The code demonstrates the encoding/decoding process for the exploit payload.

This repository contains a Proof of Concept (PoC) for CVE-2019-0604, a deserialization vulnerability in SharePoint 2010 SP2 running on .NET 3.5. The exploit generates a serialized payload to trigger remote code execution by leveraging the `EntityInstanceIdEncoder` class.