Radasync Arbitrary File Upload
AsyncUploadHandler in Telerik's RadAsyncUpload feature is configured with a hard coded (default) encryption key. This key is used to encrypt upload variables which are sent to the user, and subsequently used in file upload requests by the user to the server. If this key is not changed from it's default value of "PrivateKeyForEncryptionOfRadAsyncUploadConfigurat a malicious actor can capture the file upload request to /Telerik.Web.Ui.WebResource.axd and decrypt parameter 'rauPostData'. Once decrypted, the file upload location can be modified and re-encrypted, resulting in arbitrary file upload to any location on the server which the web server user has permissions to write to.
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Gethttpsforfree | 2,130 | 2 years ago | 16 | mit | JavaScript | |||||
| Source code for https://gethttpsforfree.com/ | ||||||||||
| Bantam | 186 | 3 years ago | mit | C# | ||||||
| A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems. | ||||||||||
| Padding Oracle Attacker | 150 |  | 2 | 2 years ago | 14 | March 30, 2020 | mit | TypeScript | ||
| 🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI. | ||||||||||
| Httpz | 47 | 5 years ago | 18 | gpl-3.0 | JavaScript | |||||
| Fat-free hardenable opportunistic encryption for Firefox | ||||||||||
| Sepa | 30 | 2 years ago | 22 | September 26, 2017 | 8 | mit | Ruby | |||
| An open source Ruby implementation of SEPA Financial Messages using Web Services. | ||||||||||
| Crypton | 27 | 3 years ago | 5 | November 11, 2020 | 6 | mit | PHP | |||
| Laravel Request & Response Encryption | ||||||||||
| Acme Pki | 16 | 1 | 4 years ago | 9 | June 20, 2020 | 1 | agpl-3.0 | Ruby | ||
| Tiny ACME PKI | ||||||||||
| Payment Server Template | 15 | 5 months ago | mit | TypeScript | ||||||
| Payment Server Template is a generic open-source payment server that has a simple yet powerful design to connect your business with third-party payment solution provider companies (like Stripe or Coinbase). | ||||||||||
| Letsencrypt Prtg | 15 | 2 years ago | mit | PowerShell | ||||||
| Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG. | ||||||||||
| Laravel Encrypted Api | 14 | 6 years ago | 1 | October 09, 2017 | mit | PHP | ||||
| Encrypted API communication between Laravel applications | ||||||||||
Alternatives To Radasync Arbitrary File UploadSelect To Compare
Alternative Project Comparisons
Popular Request Projects
Popular Encryption Projects
Popular Networking Categories
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
C Sharp
Upload
Location
Actor
File Upload