CVE-2020-25223 PoC — Sophos SG UTM 操作系统命令注入漏洞

Source

https://github.com/twentybel0w/CVE-2020-25223

Associated Vulnerability

Title:Sophos SG UTM 操作系统命令注入漏洞 (CVE-2020-25223)
Description:Sophos SG UTM是英国Sophos的一款安全网关。该产品用于保护局域网内的计算机节点。 Sophos SG UTM WebAdmin 存在操作系统命令注入漏洞，攻击者可利用该漏洞远程执行代码，以下产品及版本受到影响：v9.705 MR5版本, v9.607 MR7版本, v9.511 MR11版本。

Readme

# CVE-2020-25223

A PoC script for testing CVE-2020-25223 against an affected Sophos UTM. 
Given an IP address, the script attempts to download a copy of the devices /etc/shadow file.
Original research: https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223

File Snapshot


 [4.0K]  /data/pocs/9cd8808e4065e43e6ccace02d182e7a850bd58ad
├── [1.6K]  CVE-2020-25223.py
└── [ 268]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!