daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update fortios-exposed-admin-panel.yaml

patch-1
canberbamber 2022-10-13 13:13:15 -05:00 committed by GitHub
parent c19de59a92
commit 6b07d79f34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
exposed-panels/fortios-exposed-admin-panel.yaml
View File

@ -5,7 +5,7 @@ info:
author: canberbamber author: canberbamber
severity: critical severity: critical
description: | description: |
/api/v2/cmdb/system/admin/admin is a necessary exposed panel for cve-2022-40684 in fortigates, fortiproxy /api/v2/cmdb/system/admin/admin is a necessary exposed panel for cve-2022-40684
reference: reference:
- https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ - https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
metadata: metadata:
@ -17,9 +17,14 @@ requests:
- raw: - raw:
- | - |
GET /api/v2/cmdb/system/admin/admin HTTP/1.1 GET /api/v2/cmdb/system/admin/admin HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}:{{port}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
attack: clusterbomb
payloads:
port:
- 443
- 8443
- 10443
matchers-condition: and matchers-condition: and
matchers: matchers: