Sitecore Remote Code Execution Vulnerability
CVE: 2023-35813 (discovered by @mwulftange) CVSS Score: 9.8 Severity: Critical
This is the fantastic blog post from the researchers that found it: https://code-white.com/blog/exploiting-asp.net-templateparser-part-1/
Figure out what command you want to use, and put it in a file called command.txt then run command.py to encode it
after it's encoded run the exploit.py script with the hostname of the target as the arg