[Telerik] More Telerik Detections (Report Viewer) #1439
nicpenning started this conversation in Module Requests
-
@liquidsec should be interested to see this
-
The Telerik module today tries to identify Telerik usage.
In light of recent Telerik vulnerabilities being announced, it may be worthwhile to identify more ways to find Telerik.
With the POC exploit code, I found some URLs but need advice from the community to see if it's worthwhile to add these to the current module or if there is a better way to detect Telerik Report Viewer.
CVE-2024-4358/exploit.py at main · RevoltSecurities/CVE-2024-4358 (github.com)
Found these URLs:
{url}/api/reports/clients
{url}/api/reportserver/report
{url}/api/reports/clients/{id}/parameters
{url}/Token
{url}/Startup/Register
The use case here is finding Telerik Report Viewer (and version if possible), not necessarily the vulnerabilities as I'm sure vulnerability scanning modules may do that.