CVE-2017-9248CISA KEV: Actively Exploited

Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.

Public Exploits & PoCs8 found

PoC: dp_crypto

Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)

122

PoC: Telewreck

A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.

85

PoC: dp_cryptomg

Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.

2

PoC: dp

Exploit CVE-2017-9248 Telerik ReMix from Paul Taylor's script. Exploit Telerik lastest version fixed vuln. ReMix by TinoKa

1

PoC: telerik-scanner-cve-2017-9248

Telerik CVE-2017-9248 Vulnerability Scanner

PoC: UI_CVE-2017-9248

Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)

PoC: dp

Exploit CVE-2017-9248 Telerik ReMix from Paul Taylor's script. Exploit Telerik lastest version fixed vuln. ReMix by TinoKa & Shaco JX

PoC: Telerik-CVE-2017-9248-PoC

PoC exploit for Telerik-CVE-2017-9248

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free