{"vulnerability": "cve-2017-9248", "sightings": [{"uuid": "8017c1c4-af72-4543-8f2a-42a10dea5278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "27101d5d-9a79-4817-a7b5-486bc5706cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:20.000000Z"}, {"uuid": "ebb90fe3-2396-4340-9d78-a54e11c2a490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "MISP/0f91d6dd-6e90-4ff4-b535-99c3ac07aedf", "content": "", "creation_timestamp": "2023-06-17T09:45:31.000000Z"}, {"uuid": "cf240484-1163-4f95-b034-086f4ca3b70f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970918", "content": "", "creation_timestamp": "2024-12-24T20:21:43.308293Z"}, {"uuid": "1a74d155-c496-4735-9fcd-c32ff2ba459a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2017-9248", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/33cab495-95f8-4ee5-af4c-0e11adf42908", "content": "", "creation_timestamp": "2026-02-02T12:29:04.227213Z"}, {"uuid": "dcc942f5-85b8-4f90-aacc-b33c008fb029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:39.000000Z"}, {"uuid": "f4df47b3-47dd-4b96-950c-7e54cf764d43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/t1915t/89", "content": "", "creation_timestamp": "2025-05-01T23:03:49.000000Z"}, {"uuid": "1dd1310f-f6d2-4bcb-886c-10e08e0a6e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/HackingCiberseguridad/330", "content": "Escaneo de software # aplicaci\u00f3n web de vulnerabilidad #PHP, #dotNet (aspx), #Java (jsp)\n\nSe pueden detectar vulnerabilidades: -\n\n1. # CVE-2017-9248 (Telerik UI en web dotNet, DDN)\n2. Inyecci\u00f3n #SQL (base de error)\n3. Inyecci\u00f3n SQL ciega (base booleana)\n4. OS # Inyecci\u00f3n de comandos\n5. Contrase\u00f1a d\u00e9bil\n6. Scripting entre sitios (#XSS)\n7. Inclusi\u00f3n de archivos locales (#LFI)\n8. Inyecci\u00f3n de c\u00f3digo PHP\n9. #XML XPath Injection\n10. Carga de archivos sin restricciones\n\nM\u00e9todos de escaneo: -\n\n1. #BlackBox Pentesting\n2. #GrayBox Pentesting (Autenticaci\u00f3n)\n3. # WhiteBox Pentesting\n4. Respuesta de an\u00e1lisis y Comparaci\u00f3n de la respuesta de origen con la respuesta enviada #payload\n\nhttps://github.com/shacojx/VinaScanHub", "creation_timestamp": "2020-04-17T07:45:39.000000Z"}, {"uuid": "5a72a4d0-f18f-4813-bab5-56dbc987c2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "https://t.me/s4Tech_Bots/77", "content": "Exploit CVE-2017-9248 \n\n#Exploits_1915\n#Yemeni_Hackers\n#1915_Team", "creation_timestamp": "2025-07-16T03:32:31.000000Z"}, {"uuid": "e39814ed-3970-4818-817d-c03bf88611dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2688", "content": "Known Secret Found!\n\nDetecting Module: Generic_JWT\n\nSecret: 1234\nDetails: {'Issuer': 'Issuer', 'Username': 'BadSecrets', 'exp': 1593133483, 'iat': 1466903083, 'jwt_headers': {'alg': 'HS256'}}\n***********************  Blacklist3r.py  Bad secrets includes a fully functional CLI example (https://github.com/blacklanternsecurity/badsecrets/blob/dev/badsecrets/examples/blacklist3r.py) which replicates the functionality of blacklist3r (https://github.com/NotSoSecure/Blacklist3r) in python badsecrets/examples/blacklist3r.  python ./badsecrets/examples/blacklist3r.py --url http://vulnerablesite/vulnerablepage.aspx\npython ./badsecrets/examples/blacklist3r.py --viewstate /wEPDwUJODExMDE5NzY5ZGQMKS6jehX5HkJgXxrPh09vumNTKQ== --generator EDD8C9AE  Telerik_knownkey.py  Fully functional CLI example for identifying known Telerik Hash keys and Encryption (https://www.kitploit.com/search/label/Encryption) keys for Post-2017 versions (those patched for CVE-2017-9248), and brute-forcing version / generating exploitation (https://www.kitploit.com/search/label/Exploitation) DialogParameters values.  python ./badsecrets/examples/telerik_knownkey.py --url http://vulnerablesite/Telerik.Web.UI.DialogHandler.aspx  Optionally include ASP.NET MachineKeys with --machine-keys (Will SIGNIFICANTLY increase brute-forcing time)  Symfony_knownkey.py  Brute-force detection of Symfony known secret key when \"_fragment\" URLs are enabled, even when no example URL containing a hash can be located. Relevent Blog Post (https://www.ambionics.io/blog/symfony-secret-fragment).  python ./badsecrets/examples/symfony_knownkey.py --url https://localhost/  BBOT Module  One of the best ways to use Badsecrets, especially for the ASPNET_Viewstate and Jsf_viewstate modules is with the Badsecrets BBOT (https://github.com/blacklanternsecurity/bbot) module. This will allow you to easily check across thousands of systems in conjunction with subdomain enummeration.  bbot -f subdomain-enum -m badsecrets -t evil.corp", "creation_timestamp": "2023-07-07T13:30:58.000000Z"}, {"uuid": "dac54b73-cfab-4c23-9063-d611c3931216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/HackingCiberseguridad/268", "content": "Escaneo de software # aplicaci\u00f3n web de vulnerabilidad #PHP, #dotNet (aspx), #Java (jsp)\n\nSe pueden detectar vulnerabilidades: -\n\n1. # CVE-2017-9248 (Telerik UI en web dotNet, DDN)\n2. Inyecci\u00f3n #SQL (base de error)\n3. Inyecci\u00f3n SQL ciega (base booleana)\n4. OS # Inyecci\u00f3n de comandos\n5. Contrase\u00f1a d\u00e9bil\n6. Scripting entre sitios (#XSS)\n7. Inclusi\u00f3n de archivos locales (#LFI)\n8. Inyecci\u00f3n de c\u00f3digo PHP\n9. #XML XPath Injection\n10. Carga de archivos sin restricciones\n\nM\u00e9todos de escaneo: -\n\n1. #BlackBox Pentesting\n2. #GrayBox Pentesting (Autenticaci\u00f3n)\n3. # WhiteBox Pentesting\n4. Respuesta de an\u00e1lisis y Comparaci\u00f3n de la respuesta de origen con la respuesta enviada #payload\n\nhttps://github.com/shacojx/VinaScanHub", "creation_timestamp": "2020-04-10T18:04:56.000000Z"}, {"uuid": "b0134058-2a03-4583-a760-010253dcaa74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/HackingCiberseguridad/2407", "content": "Escaneo de software # aplicaci\u00f3n web de vulnerabilidad #PHP, #dotNet (aspx), #Java (jsp)\n\nSe pueden detectar vulnerabilidades: -\n\n1. # CVE-2017-9248 (Telerik UI en web dotNet, DDN)\n2. Inyecci\u00f3n #SQL (base de error)\n3. Inyecci\u00f3n SQL ciega (base booleana)\n4. OS # Inyecci\u00f3n de comandos\n5. Contrase\u00f1a d\u00e9bil\n6. Scripting entre sitios (#XSS)\n7. Inclusi\u00f3n de archivos locales (#LFI)\n8. Inyecci\u00f3n de c\u00f3digo PHP\n9. #XML XPath Injection\n10. Carga de archivos sin restricciones\n\nM\u00e9todos de escaneo: -\n\n1. #BlackBox Pentesting\n2. #GrayBox Pentesting (Autenticaci\u00f3n)\n3. # WhiteBox Pentesting\n4. Respuesta de an\u00e1lisis y Comparaci\u00f3n de la respuesta de origen con la respuesta enviada #payload\n\nhttps://github.com/shacojx/VinaScanHub", "creation_timestamp": "2020-04-17T09:45:42.000000Z"}, {"uuid": "f7123fc1-0efd-46cb-80d8-37c4f99049fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/1971", "content": "Telewreck \u2013 A Burp Extension To Detect And Exploit CVE-2017-9248 \n Read More: https://t.co/hBB3Dhgqb7 https://t.co/M842ouV3js ", "creation_timestamp": "2018-09-02T07:17:44.000000Z"}, {"uuid": "c080dbdb-54af-4743-83c4-d8a2a1f246d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/HackingCiberseguridad/1574", "content": "Escaneo de software # aplicaci\u00f3n web de vulnerabilidad #PHP, #dotNet (aspx), #Java (jsp)\n\nSe pueden detectar vulnerabilidades: -\n\n1. # CVE-2017-9248 (Telerik UI en web dotNet, DDN)\n2. Inyecci\u00f3n #SQL (base de error)\n3. Inyecci\u00f3n SQL ciega (base booleana)\n4. OS # Inyecci\u00f3n de comandos\n5. Contrase\u00f1a d\u00e9bil\n6. Scripting entre sitios (#XSS)\n7. Inclusi\u00f3n de archivos locales (#LFI)\n8. Inyecci\u00f3n de c\u00f3digo PHP\n9. #XML XPath Injection\n10. Carga de archivos sin restricciones\n\nM\u00e9todos de escaneo: -\n\n1. #BlackBox Pentesting\n2. #GrayBox Pentesting (Autenticaci\u00f3n)\n3. # WhiteBox Pentesting\n4. Respuesta de an\u00e1lisis y Comparaci\u00f3n de la respuesta de origen con la respuesta enviada #payload\n\nhttps://github.com/shacojx/VinaScanHub", "creation_timestamp": "2020-04-10T20:04:59.000000Z"}, {"uuid": "7d3ecc34-9d4e-4a2c-bc37-c1b98efcaef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "https://t.me/jokerplstaeen/16925", "content": "Exploit CVE-2017-9248", "creation_timestamp": "2023-05-14T20:05:32.000000Z"}, {"uuid": "bb39ef21-c9c3-4f20-8dea-a4934e669bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "seen", "source": "https://t.me/TYG_YE/733", "content": "Exploit CVE-2017-9248 \n\n#Exploits_1915\n#Yemeni_Hackers\n#1915_Team", "creation_timestamp": "2023-05-14T19:09:56.000000Z"}, {"uuid": "70b3402e-4ba7-449b-9a1a-128897886755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/19908", "content": "Telewreck \u2013 A Burp Extension To Detect And Exploit CVE-2017-9248\nhttps://kalilinuxtutorials.com/telewreck-extension-detect-exploit-cve-2017-9248/\n\nTelewreck is a Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. Telewreck Attribute Detect vulnerable versions of Telerik Web UI during passive scans. Bruteforce the key and discover the \u201cDocument Manager\u201d link just like the original exploit tool. Requirements Locate Telerik.Web.UI.DialogHandler.aspx This extension requires Python\u2019s requests module. Just run [\u2026]\nThe post Telewreck \u2013 A Burp Extension To Detect And Exploit CVE-2017-9248 (https://kalilinuxtutorials.com/telewreck-extension-detect-exploit-cve-2017-9248/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).", "creation_timestamp": "2018-09-02T06:50:13.000000Z"}, {"uuid": "6000b308-a40c-43cf-84ab-dcde0b8ad23d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/NinjaHacKiNgCourse/1023", "content": "Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.\n\nhttps://github.com/blacklanternsecurity/dp_cryptomg", "creation_timestamp": "2022-11-06T04:43:47.000000Z"}, {"uuid": "071a2f00-674f-4348-aa40-46e263f58849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/14891", "content": "\u2022 [NSE][GH#1111] Fix a script crash in ftp.lua when PASV connection timed\nout. [Aniket Pandey]\n\n\u2022 [NSE][GH#1114] Update bitcoin-getaddr to receive more than one response\nmessage, since the first message usually only has one address in it. [h43z]\n\n\u2022 [Ncat][GH#1139] Ncat now selects the correct default port for a given\nproxy type. [Pavel Zhukov]\n\n\u2022 [NSE] memcached-info can now gather information from the UDP memcached\nservice in addition to the TCP service. The UDP service is frequently used\nas a DDoS reflector and amplifier. [Daniel Miller]\n\n\u2022 [NSE][GH#1129] Changed url.absolute() behavior with respect to dot and\ndot-dot path segments to comply with RFC 3986, section 5.2. [nnposter]\n\n\u2022 Removed deprecated and undocumented aliases for several long options that\nused underscores instead of hyphens, such as --max_retries. [Daniel Miller]\n\n\u2022 Improved service scan's treatment of soft matches in two ways. First of\nall, any probes that could result in a full match with the soft matched\nservice will now be sent, regardless of rarity.  This improves the chances\nof matching unusual services on non-standard ports.  Second, probes are now\nskipped if they don't contain any signatures for the soft matched service.\nPerviously the probes would still be run as long as the target port number\nmatched the probe's specification.  Together, these changes should make\nservice/version detection faster and more accurate.  For more details on\nhow it works, see https://nmap.org/book/vscan.html. [Daniel Miller]\n\n\u2022 --version-all now turns off the soft match optimization, ensuring that\nall probes really are sent, even if there aren't any existing match lines\nfor the softmatched service. This is slower, but gives the most\ncomprehensive results and produces better fingerprints for submission.\n[Daniel Miller]\n\n\u2022 [NSE][GH#1083] New set of Telnet softmatches for version detection based\non Telnet DO/DON'T options offered, covering a wide variety of devices and\noperating systems. [D Roberson]\n\n\u2022 [GH#1112] Resolved crash opportunities caused by unexpected libpcap\nversion string format. [Gisle Vanem, nnposter]\n\n\u2022 [NSE][GH#1090] Fix false positives in rexec-brute by checking responses\nfor indications of login failure. [Daniel Miller]\n\n\u2022 [NSE][GH#1099] Fix http-fetch to keep downloaded files in separate\ndestination directories. [Aniket Pandey]\n\n\u2022 [NSE] Added new fingerprints to http-default-accounts:\n+ Hikvision DS-XXX Network Camera and NUOO DVR [Paulino Calderon]\n+ [GH#1074] ActiveMQ, Purestorage, and Axis Network Cameras [Rob\nFitzpatrick, Paulino Calderon]\n\n\u2022 Added a new service detection match for WatchGuard Authentication\nGateway. [Paulino Calderon]\n\n\u2022 [NSE][GH#1038][GH#1037] Script qscan was not observing interpacket delays\n(parameter qscan.delay). [nnposter]\n\n\u2022 [NSE][GH#1046] Script http-headers now fails properly if the target does\nnot return a valid HTTP response. [spacewander]\n\n\u2022 [Ncat][Nsock][GH#972] Remove RC4 from the list of TLS ciphers used by\ndefault, in accordance with RFC 7465. [Codarren Velvindron]\n\n\u2022 [NSE][GH#1022] Fix a false positive condition in ipmi-cipher-zero caused\nby not checking the error code in responses. Implementations which return\nan error are not vulnerable. [Juho Jokelainen]\n\n\u2022 [NSE][GH#958] Two new libraries for NSE.\n\n   - idna - Support for internationalized domain names in applications\n   (IDNA)\n   - punycode (a transfer encoding syntax used in IDNA) [Rewanth Cool]\n\n\u2022 [NSE] New fingerprints for http-enum:\n\n   - [GH#954] Telerik UI CVE-2017-9248 [Harrison Neal]\n   - [GH#767] Many WordPress version detections [Rewanth Cool]\n\n\u2022 [GH#981][GH#984][GH#996][GH#975] Fixed Ncat proxy authentication issues\n[nnposter]:\n\n   - Usernames and/or passwords could not be empty\n   - Passwords could not contain colons\n   - SOCKS5 authentication was not properly documented\n   - SOCKS5 authentication had a memory leak\n\n\u2022 [GH#1009][GH#1013] Fixes to autoconf header files to allow autoreconf to\nbe run. [Lukas Schwaighofer]", "creation_timestamp": "2018-03-21T13:35:18.000000Z"}]}