CVE-2020-3580漏洞复现
一、前言
前段时间碰到了该漏洞,记录一下!
二、漏洞介绍
该漏洞为思科ASA设备和FTD设备的未授权反射型XSS漏洞,影响版本如下:
-
Cisco ASA Software 9.6
-
Cisco ASA Software 9.7
-
Cisco ASA Software 9.8
-
Cisco ASA Software 9.9
-
Cisco ASA Software 9.10
-
Cisco ASA Software 9.12
-
Cisco ASA Software 9.13
-
Cisco ASA Software 9.14
-
Cisco ASA Software 9.15
-
Cisco FTD Software 6.2.2
-
Cisco FTD Software 6.2.3
-
Cisco FTD Software 6.3.0
-
Cisco FTD Software 6.4.0
-
Cisco FTD Software 6.5.0
-
Cisco FTD Software 6.6.0
-
Cisco FTD Software 6.7.0
三、漏洞复现
首先利用zoomeye
或者fofa
等搜索设备,搜索关键词为/+CSCOE+/
,该漏洞出现在/+CSCOE+/saml/sp/acs
接口处,POC
为SAMLResponse="><svg/onload=alert('XSS')>
,访问设备后修改包为POC
,如下图所示:
然后forward
即可,如下图所示: