A new flaw has been found in Telerik UI for ASP.NET AJAX (CVE-2019-18935), which can allow for RCE. Due to the fact that there doesn't appear to be possible to reliably determine the version of the software being used, it's not possible to determine if it is vulnerable.
We can however, tell if the key feature is enabled, by sending a get to /Telerik.Web.UI.WebResource.axd?type=rau and looking for the following:
{ "message" : "RadAsyncUpload handler is registered succesfully, however, it may not be accessed directly." }
The other option would be to build out a full exploit, but that could be too complex / slow to be reasonable. We will take the approach that we should warn if this is found at all, and let the user dig into it manually (we can save time by pointing it out, but we can't do everything for them.)
The text was updated successfully, but these errors were encountered:
A new flaw has been found in Telerik UI for ASP.NET AJAX (CVE-2019-18935), which can allow for RCE. Due to the fact that there doesn't appear to be possible to reliably determine the version of the software being used, it's not possible to determine if it is vulnerable.
We can however, tell if the key feature is enabled, by sending a get to
/Telerik.Web.UI.WebResource.axd?type=rau
and looking for the following:The other option would be to build out a full exploit, but that could be too complex / slow to be reasonable. We will take the approach that we should warn if this is found at all, and let the user dig into it manually (we can save time by pointing it out, but we can't do everything for them.)
The text was updated successfully, but these errors were encountered: