PoC details: d59311c11263e312629ad4eb9c03924f0cfa90dc

Source
Related vulnerability
Title: Cisco Adaptive Security Appliances Software path traversal vulnerability (CVE-2020-3452)
Description: Cisco Adaptive Security Appliances Software (ASA Software) is a firewall and network security platform from the US company Cisco. The platform provides, among other functions, highly secure access to data and network resources. A path traversal vulnerability exists in Cisco Adaptive Security Appliances Software and FTD Software; it stems from the affected device failing to properly validate the URL in HTTP requests. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal character sequences to an affected device, in order to view
Description
Proof-of-concept script for CVE-2020-3452 — Cisco ASA/FTD Path Traversal vulnerability. Supports automated extraction of known file targets with a hard limit on successful downloads for safety. Intended for authorized security testing and research purposes only.
Introduction
# CVE-2020-3452_Cisco_ASA_PathTraversal
Proof-of-concept script for CVE-2020-3452 — Cisco ASA/FTD Path Traversal vulnerability. Supports automated extraction of known file targets with a hard limit on successful downloads for safety. Intended for authorized security testing and research purposes only.

---

## 🔐 GitHub Repository Description

> Proof-of-concept script for **CVE-2020-3452** — Cisco ASA/FTD Path Traversal vulnerability. Supports automated extraction of known file targets with a hard limit on successful downloads for safety. Intended for **authorized security testing** and **research purposes only**.

---

## 📄 README.md

````markdown
# CVE-2020-3452 PoC — Cisco ASA/FTD Path Traversal

This is a modified proof-of-concept exploit script for [CVE-2020-3452](https://nvd.nist.gov/vuln/detail/CVE-2020-3452), a directory traversal vulnerability affecting Cisco ASA and FTD devices.

The vulnerability allows unauthenticated, remote attackers to **read arbitrary files** on affected systems via a crafted HTTP request. This script automates that process by attempting to retrieve a predefined list of common configuration, portal, and HTML files, and stores successful responses locally.

> **⚠️ For authorized testing and research only. Use responsibly.**

---

## ✅ Features

- 🔁 Iterates through a curated list of target file paths known to exist on ASA/FTD systems.
- ✅ Only writes responses with **HTTP 200** and **non-empty content**.
- 🧮 Stops automatically after **200 successful downloads** to prevent abuse or noise.
- 🗂️ Writes all files to an `output/` directory, creating it automatically.
- 🔒 Sanitizes all output filenames to prevent accidental traversal or injection.
- 🧼 Suppresses SSL warnings (ASA certs are often self-signed).
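
The output-file hygiene listed above (HTTP 200 and non-empty bodies only, a hard success limit, sanitized filenames) as an added illustration that is not the PoC's own code: `safe_filename`, `resolve_inside` and `SuccessWriter` are assumed names, and the responses fed through `demo()` are constructed, not captured from a device.

```python
import re
import tempfile
from pathlib import Path

OUTPUT_DIR = Path("output")       # mirrors the README's OUTPUT_DIR
MAX_SUCCESS_WRITES = 200          # mirrors the README's MAX_SUCCESS_WRITES
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # allow-list; '/' and '\' become '_'

def safe_filename(target_path: str) -> str:
    """Flatten a requested device path into one traversal-free filename."""
    name = _UNSAFE.sub("_", target_path.strip())
    # Strip leading dots/underscores so the result is never '.', '..' or hidden.
    return name.lstrip("._") or "unnamed"

def resolve_inside(output_dir, filename: str) -> Path:
    """Return output_dir/filename, refusing anything that escapes output_dir."""
    base = Path(output_dir).resolve()
    candidate = (base / filename).resolve()
    if candidate.parent != base:
        raise ValueError(f"refusing to write outside {base}: {candidate}")
    return candidate

class SuccessWriter:
    """Persist only HTTP 200 + non-empty bodies, up to a hard success limit."""

    def __init__(self, output_dir=OUTPUT_DIR, limit=MAX_SUCCESS_WRITES):
        self.output_dir, self.limit, self.written = Path(output_dir), limit, 0

    def save(self, target_path: str, status: int, body: bytes) -> bool:
        if self.written >= self.limit or status != 200 or not body:
            return False
        self.output_dir.mkdir(parents=True, exist_ok=True)
        dest = resolve_inside(self.output_dir, safe_filename(target_path))
        dest.write_bytes(body)
        self.written += 1
        return True

def demo() -> list:
    """Feed constructed (not real) responses through the writer; return what was written."""
    writer = SuccessWriter(tempfile.mkdtemp(), limit=2)
    writer.save("config/portal.html", 200, b"<html>constructed</html>")  # kept
    writer.save("missing.html", 404, b"Not Found")                      # wrong status
    writer.save("empty.html", 200, b"")                                  # empty body
    writer.save("../../etc/passwd", 200, b"constructed:x:0:0")           # kept, flattened
    writer.save("third.html", 200, b"x")                                 # limit reached
    return sorted(p.name for p in writer.output_dir.iterdir())
```

With the limit lowered to 2, `demo()` returns `['config_portal.html', 'etc_passwd']`: the 404, the empty body and the over-limit response are all dropped, and the traversal sequence collapses to a flat name inside the output directory.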

---

## 🖥️ Usage

```bash
# Install dependencies
pip install requests

# Run the script
python3 cve_2020_3452.py <target-host>
```

Example:

```bash
python3 cve_2020_3452.py firewall.example.com
```

All successful files will be saved to the `output/` folder.

You may also run the script interactively:

```bash
python3 cve_2020_3452.py
```

---

## 🔧 Configuration

| Variable             | Description                                                           |
| -------------------- | --------------------------------------------------------------------- |
| `MAX_SUCCESS_WRITES` | Stops script after this number of HTTP 200 file saves (default: 200). |
| `OUTPUT_DIR`         | Directory where files will be written (default: `output/`).           |

You can safely edit these at the top of the script.

---

## 📚 Background

* **CVE**: [CVE-2020-3452](https://nvd.nist.gov/vuln/detail/CVE-2020-3452)
* **Affected**:

  * Cisco ASA: 9.6 – 9.14.1.10
  * Cisco FTD: 6.2.3 – 6.6.0.1
* **Impact**: Allows unauthenticated file disclosure via crafted URL traversal.

---

## ⚠️ Legal & Ethical Notice

This script is provided **for educational and authorized security research purposes only**.

* 🛑 **Do NOT use** this tool on systems you do not own or explicitly have permission to test.
* 🧑‍⚖️ Unauthorized use may be illegal and unethical under local, federal, or international law.
* 🤝 You assume all responsibility for use of this tool.

---

## 🙏 Credits

* Original author: [@freakyclown](https://github.com/cygenta)
* Modifications: hard-coded success limit, file hygiene, output directory isolation

---

## 📜 License

MIT License — see [`LICENSE`](./LICENSE) for details.

````

---

## 📦 requirements.txt

Include this in your repo to make setup easier:

```txt
requests
```

---

## 📜 LICENSE (MIT)

```txt
MIT License

Copyright (c) 2025

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction...

```

---
File snapshot

```text
[4.0K] /data/pocs/d59311c11263e312629ad4eb9c03924f0cfa90dc
├── [1.0K] LICENSE
├── [4.1K] PoC.py
└── [3.8K] README.md

0 directories, 3 files
```
The Shenlong bot has cached this for you.
Notes
    1. Accessing the original source is recommended.
    2. If the source has gone offline or cannot be reached, e-mail f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.