Photos from National Cyber Security Services's post
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
GitHub
GitHub - noperator/CVE-2019-18935: RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. - noperator/CVE-2019-18935