CVE-2019-18935

This exploit leverages insecure deserialization in Telerik UI's RadAsyncUpload component to achieve remote code execution by uploading and loading a malicious DLL payload. The PoC includes encryption logic to manipulate file upload configurations and trigger deserialization.

This repository contains a functional exploit for CVE-2019-18935, a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. The exploit includes code to upload a payload and trigger deserialization for remote code execution.

This repository contains a functional exploit for CVE-2019-18935, targeting Telerik Web UI for ASP.NET AJAX. The exploit leverages hardcoded encryption keys and insecure direct object references to achieve arbitrary file upload and .NET deserialization attacks.

This repository provides a functional exploit for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX. It includes detailed steps for verification and exploitation, along with C code for generating malicious DLLs for both safe (Sleep) and aggressive (reverse shell) testing.

This repository contains a functional exploit for CVE-2019-18935, which targets Telerik UI for ASP.NET AJAX. The exploit leverages a .NET deserialization vulnerability to load a malicious assembly into memory, achieving remote code execution (RCE) by creating a memory-resident shell.

This repository contains a Python script and an NSE script for scanning Telerik UI for ASP.NET AJAX for CVE-2019-18935, a .NET deserialization vulnerability in the RadAsyncUpload function. The script checks for the presence of the vulnerable module and version but does not include exploit code.

This repository contains a functional exploit for CVE-2019-18935, targeting Telerik Web UI for ASP.NET AJAX. The exploit leverages hardcoded encryption keys and insecure direct object references to achieve arbitrary file upload and .NET deserialization, bypassing WAF protections.

The repository contains only a minimal README with the CVE identifier and no exploit code, technical details, or functional content. It lacks any meaningful analysis or proof-of-concept implementation.

This repository contains a functional exploit for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX. The exploit includes encryption routines and payload delivery mechanisms to achieve remote code execution via insecure deserialization.

The repository claims to cover CVE-2019-18935 (RCE via insecure deserialization) and CVE-2017-11317 (unrestricted file upload) but contains no exploit code, technical details, or proof-of-concept. The README is a placeholder with no substance.

This repository contains functional exploit code for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX. It includes scripts for version detection, exploitation, and a Docker environment for testing.

This repository contains a functional exploit for CVE-2019-18935, targeting Telerik Web UI for ASP.NET AJAX. The exploit leverages insecure deserialization and arbitrary file upload vulnerabilities to achieve remote code execution via a reverse shell.

This repository contains a functional exploit for CVE-2019-18935, a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. The exploit includes a Python script that uploads a malicious payload and triggers deserialization to achieve remote code execution.

This repository contains a functional exploit for CVE-2019-18935, a deserialization vulnerability in Telerik UI for ASP.NET AJAX. The exploit leverages ysoserial to generate malicious payloads and attempts to achieve remote code execution on vulnerable systems.

This repository contains a Python-based scanner for detecting the Telerik UI for ASP.NET AJAX Remote Code Execution vulnerability (CVE-2019-18935). The scanner checks for the presence of vulnerable RadAsyncUpload handlers and analyzes version information to determine vulnerability status.

This repository contains a Python script that checks for the presence of the Telerik RadAsyncUpload vulnerability (CVE-2019-18935) by sending HTTP requests to a list of URLs and checking for a specific response pattern. It does not exploit the vulnerability but scans for its presence.

The repository contains a Python script (`telerik_rce_scan.py`) designed to scan for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX. It checks for the presence of vulnerable endpoints and versions but does not include exploit code for remote code execution.

This repository contains a Python script (`telerik_rce_scan.py`) designed to scan for the presence of CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX. The script checks for vulnerable endpoints and versions but does not include exploit code for remote code execution.

This Metasploit module exploits CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI ASP.NET AJAX RadAsyncUpload. It uploads a malicious DLL via weak encryption (CVE-2017-11317) and triggers RCE through insecure deserialization.

This repository contains a functional exploit tool for CVE-2019-18935, targeting Progress Telerik UI's remote code execution vulnerability. The script includes detection, exploitation, and custom payload testing capabilities.