How I was able to get points easily on bugbounty platforms- CVE 2020-3452 and CVE 2020-3187.

3 min readDec 16, 2021

Hello Everyone,

Welcome to another blog.

To people who don’t know me myself Ganesh, I am a security analyst at WesecureApp and a Part-time bug bounty hunter at Bugcrowd.

What is CVE 2020–3452?
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.

The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. As an example, this could allow an attacker to impersonate another VPN user and establish a Clientless SSL VPN or AnyConnect VPN session to the device as that user.

What is CVE 2020–3187?
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.

The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored.

The attacker can only view and delete files within the web services file system.

NOOB Hacker Approach to finding these vulnerabilities :(

Select Bug bounty programs having huge scope *redacted.com
My First Approach was using the nuclei tool
Running with sub finder

subfinder -d hackerone.com -silent | httpx -silent | nuclei -t cves/ -o results.txt

How I was able to get points easily on bugbounty platforms- CVE 2020-3452 and CVE 2020-3187.

Written by ganiganeshss79

More from ganiganeshss79

HTTP VERB TAMPERING:

HTTP Verb Altering is an assault that misuses vulnerabilities in HTTP verb (too known as HTTP strategy) verification and gets to control…

#Bugbounty- “How I was able to see other users Payments in a travel application” — IDOR #800$

Let me thank all the bug bounty hunters over there who are creating great content and inspiring a lot of people like me.

Security Misconfiguration

Default Credentials leading to Admin Portal Access.

User Enumeration- Forgot Password #VDP

User Enumeration:

Recommended from Medium

The ChatGPT Hype Is Over — Now Watch How Google Will Kill ChatGPT.

It never happens instantly. The business game is longer than you know.

10 Seconds That Ended My 20 Year Marriage

It’s August in Northern Virginia, hot and humid. I still haven’t showered from my morning trail run. I’m wearing my stay-at-home mom…

Lists

Staff Picks

Stories to Help You Level-Up at Work

Self-Improvement 101

Productivity 101

The End of the Subscription Era is Coming

You’re overpaying for your porn (and journalism)

Why Japanese Websites Look So Different

& how to analyze design choices without jumping to conclusions

The Most Powerful Morning Routine I’ve Found After 3+ Years of Experimenting

A realistic, science-based, customizable, and aggressively self-tested morning system

Advice From a Software Engineer With 8 Years of Experience

Practical tips for those who want to advance in their careers