FortiOS SSL VPN - FortiOS system file leak through SSL VPN via specially crafted HTTP
by teamkelvinsecteam - December 15, 2020 at 07:49 PM
#1
FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests.

This exploit read /dev/cmdb/sslvpn_websession file, this file contains login and passwords in (clear/text). This vulnerability affect (FortiOS 5.4.6 to 5.4.12, FortiOS 5.6.3 to 5.6.7 and FortiOS 6.0.0 to 6.0.4).

https://github.com/Zeop-CyberSec/fortios...ersal_leak
Reply
#2
Thanks for sharing the module which scan and exploit a path traversal vulnerability in the FortiOS SSL VPN web portal
Reply
#3
Thanks buddy helped alot..!
Reply
#4
(December 15, 2020 at 09:06 PM)r00tarded Wrote: Thanks buddy helped alot..!

VIP suscription here ...........
Reply
#5
(December 15, 2020 at 07:49 PM)teamkelvinsecteam Wrote:
FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests.

This exploit read /dev/cmdb/sslvpn_websession file, this file contains login and passwords in (clear/text). This vulnerability affect (FortiOS 5.4.6 to 5.4.12, FortiOS 5.6.3 to 5.6.7 and FortiOS 6.0.0 to 6.0.4).

https://github.com/Zeop-CyberSec/fortios...ersal_leak

your inbox is full, clean some msgs,
Reply
#6
PM me brotha, thank you for the share
Reply
#7
what devices run forti os exactly? Sorry bit of a noob but learning lol.
Reply
#8
damn son where did u find that heaahhahah damn son where did u find that heaahhahah damn son where did u find that heaahhahah
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
Social Mapper - A Social Media Mapping Tool that correlates profiles via facia teamkelvinsecteam 4 1,145 April 28, 2021 at 10:31 PM
Last Post: bluedawning
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and teamkelvinsecteam 0 108 April 10, 2021 at 03:48 AM
Last Post: teamkelvinsecteam
urlhunter is a recon tool that allows searching on URLs that are exposed via shortene teamkelvinsecteam 3 342 April 04, 2021 at 11:09 PM
Last Post: bondjamesbond

 Users browsing this thread: 1 Guest(s)