CVE-2021-3378 PoC — RZK Fortilogger 代码问题漏洞

Source

https://github.com/erberkan/fortilogger_arbitrary_fileupload

Associated Vulnerability

Title:RZK Fortilogger 代码问题漏洞 (CVE-2021-3378)
Description:RZK Fortilogger是土耳其RZK公司的一个可为Windows系统上FortiGate防火墙进行即时状态跟踪，日志记录，搜索/过滤，报告和热点等功能的建站系统。 FortiLogger 4.4.2.2 存在安全漏洞，该漏洞源于受任意文件上传的影响。

Description

CVE-2021-3378 | FortiLogger - Unauthenticated Arbitrary File Upload (Metasploit)

Readme


## CVE-2021-3378 | FortiLogger - Unauthenticated Arbitrary File Upload (Metasploit)

* Date: 30-01-2021
* Exploit Author: Berkan Er <b3rsec@protonmail.com>
* Vendor Homepage: https://www.fortilogger.com/
* Software Link: https://www.fortilogger.com/download
* Version: 4.4.2.2
* Tested on: Windows 10 Enterprise x64
* CVE: 2021-3378
* Disclosure Date: 26-02-2021

This module exploits an unauthenticated arbitrary file upload via insecure POST request. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.

> More Details: https://erberkan.github.io/2021/cve-2021-3378/

#### POC:
[![asciicast](https://asciinema.org/a/388098.svg)](https://asciinema.org/a/388098)

File Snapshot


 [4.0K]  /data/pocs/3ecf79ac640a785d6b45d85db2052d4df0b494d7
├── [3.7K]  fortilogger_arbitrary_fileupload.rb
└── [ 677]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!