CVE-2024-4358

This repository contains a functional exploit for CVE-2024-4358, which chains an authentication bypass and deserialization vulnerability in Progress Telerik Report Server to achieve pre-authenticated remote code execution. The exploit creates a backdoor account, generates a malicious report with embedded payload, and triggers deserialization to execute arbitrary commands.

This repository contains a functional exploit for CVE-2024-4358, which leverages authentication bypass and deserialization vulnerabilities to achieve remote code execution. The exploit creates a backdoor account, uploads a malicious report, and executes arbitrary commands via a crafted payload.

The repository contains a functional exploit for CVE-2024-4358, demonstrating a deserialization vulnerability leading to remote code execution (RCE). The exploit automates the process of creating a report with a malicious payload, triggering deserialization via API endpoints.

The repository contains a functional exploit tool for CVE-2024-4358, which targets a deserialization vulnerability in an unspecified software. The tool supports both vulnerability detection and exploitation, with features like multi-threading, proxy support, and command execution.

This repository contains a functional exploit for CVE-2024-4358, targeting Telerik Report Server with an authentication bypass and deserialization RCE. The exploit uses async HTTP requests to create a malicious report, trigger deserialization, and execute arbitrary commands.

This repository contains a functional exploit for CVE-2024-4358, which chains an authentication bypass with a deserialization vulnerability in Progress Telerik Report Server to achieve pre-authenticated remote code execution. The exploit creates a backdoor account, logs in, and uploads a malicious report file to trigger deserialization.

This exploit demonstrates an authentication bypass and deserialization RCE vulnerability in Progress Telerik Report Server 2024 Q1 (10.0.24.305) and earlier. It automates the creation of a malicious report and triggers deserialization to execute arbitrary commands.

This Metasploit module exploits CVE-2024-4358, an authentication bypass in Telerik Report Server, allowing unauthenticated attackers to create an administrative account via the exposed setup page.