Exploit for Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability CVE-2020-0618

Name: Exploit for Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability CVE-2020-0618
Rating: 5 (921 reviews)

2020-09-25 | CVSS 8.8

## https://sploitus.com/exploit?id=SAINT:42A55639AE1F6E2A8BE2071F2F668787
Added: 09/25/2020  
CVE: CVE-2020-0618  


### Background

Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. 

### Problem

A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote, authenticated attacker to execute arbitrary commands on the server by sending a POST request with a specially crafted serialized object. 

### Resolution

See Microsoft Security Advisory CVE-2020-0618 for fix information. 

### References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618   


### Limitations

This exploit requires valid Microsoft SQL Server Reporting Services credentials. 

### Platforms

Windows