A few months ago I was trying to PoC a known cross-site scripting vulnerability in the Cisco ASA WebVPN portal (CVE-2013-3414) for inclusion in the TrustKeeper Scan Engine. I tried a number of different techniques on multiple different ASA versions/branches and I simply could not tease out a viable PoC.
At my wits end, I finally decided to toss up a hail mary pass to my fellow Spiders for help. Thankfully, I received a reply from Piotr Karolak of the SpiderLabs Network Penetration team who PoC’d a cross-site scripting vulnerability during a customer pentest shortly after my request went out and it matched the vulnerability description.
more here...........http://blog.spiderlabs.com/2014/05/cve-2014-2120-a-tale-of-cisco-asa-0-day.html
At my wits end, I finally decided to toss up a hail mary pass to my fellow Spiders for help. Thankfully, I received a reply from Piotr Karolak of the SpiderLabs Network Penetration team who PoC’d a cross-site scripting vulnerability during a customer pentest shortly after my request went out and it matched the vulnerability description.
more here...........http://blog.spiderlabs.com/2014/05/cve-2014-2120-a-tale-of-cisco-asa-0-day.html