Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
exploits/Sitecore8xDeserialRCE
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
17 lines (13 sloc)
849 Bytes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Sitecore v 8.x Deserialization RCE | |
| # Date: Reported to vendor October 2018, fix released April 2019. | |
| # Exploit Author: Jarad Kopf | |
| # Vendor Homepage: https://www.sitecore.com/ | |
| # Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx | |
| # Version: Sitecore 8.0 Revision 150802 | |
| # Tested on: Windows | |
| # CVE : CVE-2019-11080 | |
| https://www.exploit-db.com/exploits/46987 | |
| Exploit: Authentication is needed for this exploit. An attacker needs to login to Sitecore 8.0 revision 150802's Admin section. When choosing to Serialize | |
| users or domains in the admin UI, calls to /sitecore/shell/~/xaml/Sitecore.Shell.Applications.Dialogs.Progress.aspx will include a CSRFTOKEN parameter. | |
| By replacing this parameter with a URL-encoded, base64-encoded crafted payload from ysoserial.net, an RCE is successful. | |
| Use ysoserial.net |