CVE-2020-3580 PoC — 多款Cisco产品跨站脚本漏洞

Source

https://github.com/imhunterand/CVE-2020-3580

Associated Vulnerability

Title:多款Cisco产品跨站脚本漏洞 (CVE-2020-3580)
Description:Cisco Firepower Threat Defense（FTD）和Cisco Adaptive Security Appliances Software（ASA Software）都是美国思科（Cisco）公司的产品。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。Cisco Adaptive Security Appliances Software是一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco Adap

Description

Automated bulk IP scanner Cisco ASA and FTD XSS

Readme

<h1 align="center">
  <br>
 CVE-2020-3580 Automated Scanner 
</h1>

<h4 align="center">CVE-2020-3580 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software XSS.</h4>

## Installation Commands
Clone the repository
```
git clone https://github.com/imhunterand/CVE-2020-3580.git
```
Go to the newly created directory
```
cd CVE-2020-3580
```
To download the requirements
```
pip3 install -r requirements.txt
pip install -r requirements.txt
```
To run the script
```
python main.py
```
# CVE-2020-3580
Additional exploits for XSS in Cisco ASA devices discovered by @Pwn0sec

# Usage
- Stage (address change me)
- Demonstrate
  - Logon to Cisco ASA WebVPN
  - Visit staged malicious page
  - Recover your credentials
- Patch ;)

# Example / Result
![animated demonstration](https://i.ibb.co/41JV4Nh/asa-credentials.gif)


# Credit's
 - **[Imhunterand](https://github.com/imhunterand)**
 - **[pwn0sec](https://github.com/pwn0sec)**

File Snapshot


 [4.0K]  /data/pocs/ddcff304874d9109e99e4414dd93ea788d8b094d
├── [1.3K]  LICENSE
├── [2.0K]  main.py
└── [ 972]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!