From b7c2f9c484a730fb12b3d60980e2b39618a1ff1c Mon Sep 17 00:00:00 2001 From: nielsing Date: Tue, 1 Feb 2022 16:59:43 +0000 Subject: [PATCH 1/3] Adding .axd extensions to all paths --- .../telerik/telerik-dialoghandler-detect.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/technologies/telerik/telerik-dialoghandler-detect.yaml b/technologies/telerik/telerik-dialoghandler-detect.yaml index 6342e702d6..53dacb623f 100644 --- a/technologies/telerik/telerik-dialoghandler-detect.yaml +++ b/technologies/telerik/telerik-dialoghandler-detect.yaml @@ -28,6 +28,22 @@ requests: - '{{BaseURL}}/common/admin/Calendar/Telerik.Web.UI.DialogHandler.aspx?dp=1' - '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.aspx?dp=1' - '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1' + - '{{BaseURL}}/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.axd?dp=1' + - '{{BaseURL}}/desktopmodules/dnnwerk.radeditorprovider/dialoghandler.axd?dp=1' + - '{{BaseURL}}/DesktopModules/Admin/RadEditorProvider/DialogHandler.axd?dp=1' + - '{{BaseURL}}/DesktopModule/UIQuestionControls/UIAskQuestion/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/Modules/CMS/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/Admin/ServerSide/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/DesktopModules/TNComments/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/Providers/HtmlEditorProviders/Telerik/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/App_Master/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/common/admin/PhotoGallery2/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/common/admin/Jobs2/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/AsiCommon/Controls/ContentManagement/ContentDesigner/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/common/admin/Calendar/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.axd?dp=1' + - '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.axd/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.axd?dp=1' stop-at-first-match: true matchers-condition: and From a5811de4f081d054bbbcc1d3cc5d8c69283d9539 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 2 Feb 2022 00:30:39 +0530 Subject: [PATCH 2/3] Update telerik-dialoghandler-detect.yaml --- .../telerik/telerik-dialoghandler-detect.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/technologies/telerik/telerik-dialoghandler-detect.yaml b/technologies/telerik/telerik-dialoghandler-detect.yaml index 53dacb623f..3a05b8baa4 100644 --- a/technologies/telerik/telerik-dialoghandler-detect.yaml +++ b/technologies/telerik/telerik-dialoghandler-detect.yaml @@ -29,21 +29,6 @@ requests: - '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.aspx?dp=1' - '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1' - '{{BaseURL}}/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.axd?dp=1' - - '{{BaseURL}}/desktopmodules/dnnwerk.radeditorprovider/dialoghandler.axd?dp=1' - - '{{BaseURL}}/DesktopModules/Admin/RadEditorProvider/DialogHandler.axd?dp=1' - - '{{BaseURL}}/DesktopModule/UIQuestionControls/UIAskQuestion/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/Modules/CMS/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/Admin/ServerSide/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/DesktopModules/TNComments/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/Providers/HtmlEditorProviders/Telerik/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/App_Master/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/common/admin/PhotoGallery2/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/common/admin/Jobs2/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/AsiCommon/Controls/ContentManagement/ContentDesigner/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/common/admin/Calendar/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.axd?dp=1' - - '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.axd/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.axd?dp=1' stop-at-first-match: true matchers-condition: and From 2cf1bb016c21e73b8c156f92d8116f868b1dfe27 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 2 Feb 2022 00:34:39 +0530 Subject: [PATCH 3/3] Update telerik-dialoghandler-detect.yaml --- technologies/telerik/telerik-dialoghandler-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/technologies/telerik/telerik-dialoghandler-detect.yaml b/technologies/telerik/telerik-dialoghandler-detect.yaml index 3a05b8baa4..a4275c7790 100644 --- a/technologies/telerik/telerik-dialoghandler-detect.yaml +++ b/technologies/telerik/telerik-dialoghandler-detect.yaml @@ -2,7 +2,7 @@ id: telerik-dialoghandler-detect info: name: Detect Telerik Web UI Dialog Handler - author: organiccrap,zhenwarx + author: organiccrap,zhenwarx,nielsing severity: info reference: - https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html