Exploit for critical Progress Telerik auth bypass released, patch now

Post by rbc

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.

The Telerik Report Server is an API-powered end-to-end encrypted report management solution organizations use to streamline the creation, sharing, storage, distribution, and scheduling of reports.

Cybersecurity researcher Sina Kheirkhah developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
[...]
Robert B. Carleton + ISC2 Central Mississippi President