Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.
PoC: dp_crypto
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
PoC: Telewreck
A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
PoC: dp_cryptomg
Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.
PoC: dp
Exploit CVE-2017-9248 Telerik ReMix from Paul Taylor's script. Exploit Telerik lastest version fixed vuln. ReMix by TinoKa
PoC: telerik-scanner-cve-2017-9248
Telerik CVE-2017-9248 Vulnerability Scanner
PoC: UI_CVE-2017-9248
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
PoC: dp
Exploit CVE-2017-9248 Telerik ReMix from Paul Taylor's script. Exploit Telerik lastest version fixed vuln. ReMix by TinoKa & Shaco JX
PoC: Telerik-CVE-2017-9248-PoC
PoC exploit for Telerik-CVE-2017-9248
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free