Share
## https://sploitus.com/exploit?id=785E7216-9A76-5A04-83F6-97FAF0D088AC
Sitecore Remote Code Execution Vulnerability

CVE: 2023-35813 (discovered by @mwulftange)
CVSS Score: 9.8
Severity: Critical 

This is the fantastic blog post from the researchers that found it:
https://code-white.com/blog/exploiting-asp.net-templateparser-part-1/

Figure out what command you want to use, and put it in a file called command.txt
then run command.py to encode it

after it's encoded run the exploit.py script with the hostname of the target as the arg