erberkan/fortilogger_arbitrary_fileupload

CVE-2021-3378 | FortiLogger - Unauthenticated Arbitrary File Upload (Metasploit)

Date: 30-01-2021
Exploit Author: Berkan Er b3rsec@protonmail.com
Vendor Homepage: https://www.fortilogger.com/
Software Link: https://www.fortilogger.com/download
Version: 4.4.2.2
Tested on: Windows 10 Enterprise x64
CVE: 2021-3378
Disclosure Date: 26-02-2021

This module exploits an unauthenticated arbitrary file upload via insecure POST request. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.

More Details: https://erberkan.github.io/2021/cve-2021-3378/

POC:

About

CVE-2021-3378 | FortiLogger - Unauthenticated Arbitrary File Upload (Metasploit)

https://erberkan.github.io/2021/cve-2021-3378/

Languages

Language:Ruby 100.0%