## https://sploitus.com/exploit?id=785E7216-9A76-5A04-83F6-97FAF0D088AC
Sitecore Remote Code Execution Vulnerability
CVE: 2023-35813 (discovered by @mwulftange)
CVSS Score: 9.8
Severity: Critical
This is the fantastic blog post from the researchers that found it:
https://code-white.com/blog/exploiting-asp.net-templateparser-part-1/
Figure out what command you want to use, and put it in a file called command.txt
then run command.py to encode it
after it's encoded run the exploit.py script with the hostname of the target as the arg