qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Progress-Telerik-UI-for-ASP...

67 lines
3.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Progress Telerik UI for ASP.NET AJAX Deserialization (CVE-2019-18935)",
"Description": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)",
"Product": "Telerik-UI",
"Homepage": "https://www.telerik.com",
"DisclosureDate": "2019-12-11",
"Author": "go0p@",
"FofaQuery": "body=\"Telerik.Web.UI, Version=\"",
"GobyQuery": "",
"Level": "3",
"Impact": "",
"Recommendation": "Users can refer to the security bulletins provided by the following vendors to obtain patch information: https://www.telerik.com/support/kb/aspnet-ajax/details/",
"Translation": {
"CN": {
"Description": "Progress Telerik UI for ASP.NET AJAX是一款HTML编辑器。 Progress Telerik UI for ASP.NET AJAX 2019.3.1023及之前版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。目前没有详细的漏洞细节提供。",
"Impact": "Impact",
"Name": "Progress Telerik UI for ASP.NET AJAX代码问题漏洞CNVD-2020-22815",
"Product": "Progress Telerik UI for ASP.NET AJAX",
"Recommendation": "目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization"
}
},
"References": null,
"RealReferences": [
"http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html",
"http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html",
"https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html",
"https://github.com/bao7uo/RAU_crypto",
"https://github.com/noperator/CVE-2019-18935",
"https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui",
"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization",
"https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)",
"https://www.telerik.com/support/whats-new/release-history",
"https://nvd.nist.gov/vuln/detail/CVE-2019-18935",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18935"
],
"HasExp": true,
"ExpParams": [
{
"Name": "AttackType",
"Type": "select",
"Value": "goby_shell"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": ["rce"],
"CVEIDs": [
"CVE-2019-18935"
],
"CVSSScore": "9.8",
"CNVDIDs": [
"CNVD-2020-22815"
],
"CNNVDIDs": null,
"AttackSurfaces": {
"Application": ["Telerik-Sitefinity"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}
Reference in New Issue View Git Blame Copy Permalink