CVE-2022-40684 PoC — Fortinet FortiOS 授权问题漏洞

Source

https://github.com/z-bool/CVE-2022-40684

Associated Vulnerability

Title:Fortinet FortiOS 授权问题漏洞 (CVE-2022-40684)
Description:Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS存在授权问题漏洞。目前尚无此漏洞的相关信息，请随时关注CNNVD或厂商公告。

Description

一键枚举所有用户名以及写入SSH公钥

Readme

# CVE-2022-40684
一键枚举所有用户名以及写入SSH公钥

整合并优化了这两个仓库的代码，使其实现一键枚举所有用户名并写入ssh公钥的结果：
https://github.com/carlosevieira/CVE-2022-40684/blob/main/exploit.py
https://github.com/horizon3ai/CVE-2022-40684/blob/master/CVE-2022-40684.py

```bash
python exp.py -u https://xxxx
```

详细介绍关注公众号：阿呆攻防

File Snapshot


 [4.0K]  /data/pocs/41175d75565ec9f0dbf1520952eaab0617778677
├── [2.9K]  exp.py
├── [ 413]  README.md
└── [ 83K]  result.png

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!