top of page


Public·8 members
Isaiah Gonzalez
Isaiah Gonzalez

Telerik Kendo UI R2 2017 SP1 Professional V2017.2.621

Until R2 2017 SP1 (v2017.2.621), RadAsyncUpload's AsyncUploadHandler was configured with a hard-coded key that was used to encrypt form data in file upload requests. If this encryption key was not changed from its default value of PrivateKeyForEncryptionOfRadAsyncUploadConfiguration, an attacker could use that key to craft a file upload request to /Telerik.Web.Ui.WebResource.axd?type=rau with a custom encrypted rauPostData POST parameter. If an attacker specified an arbitrary value for the TempTargetFolder variable within the encrypted rauPostData POST parameter, it would effectively allow file uploads to any directory where the web server had write permissions. Please refer to @straightblast's write-up for a detailed breakdown of rauPostData's structure (and of this vulnerability in general), and Telerik's security advisory for how this vulnerability was remediated.

Telerik Kendo UI R2 2017 SP1 Professional v2017.2.621


Welcome to the group! You can connect with other members, ge...
Group Page: Groups_SingleGroup
bottom of page