CVE-2020-3580 PoC — 多款Cisco产品跨站脚本漏洞

Source

https://github.com/catatonicprime/CVE-2020-3580

Associated Vulnerability

Title:多款Cisco产品跨站脚本漏洞 (CVE-2020-3580)
Description:Cisco Firepower Threat Defense（FTD）和Cisco Adaptive Security Appliances Software（ASA Software）都是美国思科（Cisco）公司的产品。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。Cisco Adaptive Security Appliances Software是一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco Adap

Description

Additional exploits for XSS in Cisco ASA devices discovered by PTSwarm

Readme

# CVE-2020-3580
Additional exploits for XSS in Cisco ASA devices discovered by PTSwarm

# Usage
- Stage (address change me)
- Demonstrate
  - Logon to Cisco ASA WebVPN
  - Visit staged malicious page
  - Recover your credentials
- Patch ;)

# Example / Result
![animated demonstration](https://raw.githubusercontent.com/wiki/catatonicprime/CVE-2020-3580/asa_credentials.gif)

File Snapshot


 [4.0K]  /data/pocs/b72a68ebbec33e4363518a288aea9a4eca9d4895
├── [1.0K]  LICENSE
├── [ 375]  README.md
└── [1.3K]  user_password_xss.html

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!