37 lines
983 B
YAML
37 lines
983 B
YAML
|
id: CVE-2021-3378
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: FortiLogger Unauthenticated Arbitrary File Upload
|
||
|
|
author: dwisiswant0
|
||
|
|
severity: critical
|
||
|
|
reference: https://erberkan.github.io/2021/cve-2021-3378/
|
||
|
|
description: |
|
||
|
|
This template detects an unauthenticated arbitrary file upload
|
||
|
|
via insecure POST request. It has been tested on version 4.4.2.2 in
|
||
|
|
Windows 10 Enterprise.
|
||
|
|
tags: cve,cve2021,fortilogger,fortigate,fortinet
|
||
|
|
|
||
|
|
requests:
|
||
|
|
- method: POST
|
||
|
|
path:
|
||
|
|
- "{{BaseURL}}/shared/GetProductInfo"
|
||
|
|
body: ""
|
||
|
|
headers:
|
||
|
|
Accept: "application/json, text/javascript, */*; q=0.01"
|
||
|
|
Accept-Language: "en-US,en;q=0.5"
|
||
|
|
Accept-Encoding: "gzip, deflate"
|
||
|
|
X-Requested-With: "XMLHttpRequest"
|
||
|
|
matchers:
|
||
|
|
- type: status
|
||
|
|
status:
|
||
|
|
- 200
|
||
|
|
- type: word
|
||
|
|
words:
|
||
|
|
- "4.4.2.2"
|
||
|
|
part: body
|
||
|
|
- type: word
|
||
|
|
words:
|
||
|
|
- "application/json"
|
||
|
|
- "ASP.NET"
|
||
|
|
condition: and
|
||
|
|
part: header
|