Menu

Improved exploit search engine. Try it out

"Sitecore 8.x - Deserialization Remote Code Execution"

Author

"Jarad Kopf"

Platform

aspx

Release date

2019-06-13

Release Date Title Type Platform Author
2019-07-11 "Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting" webapps aspx "Owais Mehtab"
2019-06-25 "BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal" webapps aspx "Aaron Bishop"
2019-06-20 "BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection" webapps aspx "Aaron Bishop"
2019-06-19 "BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution" webapps aspx "Aaron Bishop"
2019-06-19 "BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution" webapps aspx "Aaron Bishop"
2019-06-13 "Sitecore 8.x - Deserialization Remote Code Execution" webapps aspx "Jarad Kopf"
2019-02-12 "BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution" webapps aspx "Dustin Cobb"
2019-01-14 "Umbraco CMS 7.12.4 - Authenticated Remote Code Execution" webapps aspx "Gregory Draperi"
2017-05-05 "Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure" webapps aspx "Usman Saeed"
2018-10-29 "Library Management System 1.0 - 'frmListBooks' SQL Injection" webapps aspx "Ihsan Sencan"
2018-10-24 "Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting" webapps aspx "Dino Barlattani"
2018-10-10 "Ektron CMS 9.20 SP2 - Improper Access Restrictions" webapps aspx alt3kx
2018-08-06 "Sitecore.Net 8.1 - Directory Traversal" webapps aspx Chris
2018-06-04 "EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting" webapps aspx "Chris Barretto"
2018-03-13 "SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities" webapps aspx "SEC Consult"
2017-09-27 "SmarterStats 11.3.6347 - Cross-Site Scripting" webapps aspx sqlhacker
2017-09-13 "ICEstate 1.1 - 'id' SQL Injection" webapps aspx "Ihsan Sencan"
2017-06-14 "KBVault MySQL 0.16a - Arbitrary File Upload" webapps aspx "Fatih Emiral"
2017-05-09 "Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions" webapps aspx "Pesach Zirkind"
2017-05-09 "Personify360 7.5.2/7.6.1 - Improper Access Restrictions" webapps aspx "Pesach Zirkind"
2018-02-02 "IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting" webapps aspx 1n3
2017-12-27 "DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)" webapps aspx "Glafkos Charalambous"
2017-03-15 "Sitecore CMS 8.1 Update-3 - Cross-Site Scripting" webapps aspx "Pralhad Chaskar"
2017-01-17 "Check Box 2016 Q2 Survey - Multiple Vulnerabilities" webapps aspx "Fady Mohammed Osman"
2018-01-24 "Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload" webapps aspx "Paul Taylor"
2018-01-24 "Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure" webapps aspx "Paul Taylor"
2016-09-22 "Microix Timesheet Module - SQL Injection" webapps aspx "Anthony Cole"
2016-09-19 "MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities" webapps aspx "Paul Baade & Sven Krewitt"
2017-11-16 "LanSweeper 6.0.100.75 - Cross-Site Scripting" webapps aspx "Miguel Mendez Z"
Release Date Title Type Platform Author
2019-06-13 "Sitecore 8.x - Deserialization Remote Code Execution" webapps aspx "Jarad Kopf"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46987/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46987/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46987/41411/sitecore-8x-deserialization-remote-code-execution/download/", "exploit_id": "46987", "exploit_description": "\"Sitecore 8.x - Deserialization Remote Code Execution\"", "exploit_date": "2019-06-13", "exploit_author": "\"Jarad Kopf\"", "exploit_type": "webapps", "exploit_platform": "aspx", "exploit_port": null}
                                            

For full documentation follow the link above

blog comments powered by Disqus

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
# Exploit Title: Sitecore v 8.x Deserialization RCE
# Date: Reported to vendor October 2018, fix released April 2019.
# Exploit Author: Jarad Kopf
# Vendor Homepage: https://www.sitecore.com/
# Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx
# Version: Sitecore 8.0 Revision 150802
# Tested on: Windows
# CVE : CVE-2019-11080 

Exploit: 

Authentication is needed for this exploit. An attacker needs to login to Sitecore 8.0 revision 150802's Admin section. 
When choosing to Serializeusers or domains in the admin UI, calls to /sitecore/shell/~/xaml/Sitecore.Shell.Applications.Dialogs.Progress.aspx will include a CSRFTOKEN parameter. 
By replacing this parameter with a URL-encoded, base64-encoded crafted payload from ysoserial.net, an RCE is successful.