Exploit for Sitecore - Remote Code Execution (CVE-2023-35813)

Description:

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.

Nuclei Template

View the template here: CVE-2023-35813.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-35813.yaml

References:

https://code-white.com/blog/exploiting-asp.net-templateparser-part-1/
https://nvd.nist.gov/vuln/detail/CVE-2023-35813
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002979
https://github.com/BagheeraAltered/CVE-2023-35813-PoC