Leaking and Exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059) This repository provides further details and resources on the CODE WHITE blog post of the same name Leaking ObjRefs to Exploit HTTP .NET Remoting: Creating a vulnerable ASP.NET web application Detecting ObjRef leaks Example deserialization payloads that work under the TypeFilterLevel.Low restrictions Exploit script for delivering the payloads 1. Creating a Vulnerable ASP.NET Web Application The following is based on Configure Application Insights for your ASP.NET website by Microsoft and describes how to create a vulnerable ASP.NET web application with Visual Studio 2019 (required to target .NET Framework 4.5.2, you can still download it at https://aka.ms/vs/16/release/vs_community.exe) and Microsoft Application Insights: Open Visual Studio 2019. Select File > New > Project. Select ASP.NET Web Application (.NET Framework) C#, then Next. Select .NET Framework 4.5.2, then Create. Select Empty, then Create. Select Project > Add Application Insights Telemetry. Select Application Insights SDK (local), then Next. Check NuGet packages, then click Finish. If the .NET Framework updates of January 2024 are installed, open the Web.config file and add the following under /configuration/appSettings to re-enable the vulnerable behavior: xml <add key="microsoft:Remoting:LateHttpHeaderParsing" value="true" /> You can then run the web application via Debug > Start Without Debugging or by pressing Ctrl+F5. 2….Read More