Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-25257 PoC — Fortinet FortiWeb SQL注入漏洞

Source
https://github.com/segfault-it/CVE-2025-25257
Associated Vulnerability
Title:Fortinet FortiWeb SQL注入漏洞 (CVE-2025-25257)
Description:Fortinet FortiWeb是美国飞塔(Fortinet)公司的一款Web应用层防火墙,它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁,保证Web应用程序的安全性并保护敏感的数据库内容。 Fortinet FortiWeb 7.6.3及之前版本、7.4.7及之前版本、7.2.10及之前版本和7.0.10之前版本存在SQL注入漏洞,该漏洞源于对SQL命令中特殊元素中和不当,可能导致SQL注入攻击。
Description
A working (at least for me :] ) exploit for CVE-2025-25257
Readme
# CVE-2025-25257
Exploits for CVE-2025-25257 released by watchtowr and others I found on github did not work on my installations of fortiweb
downloaded from the official vendor website. I ripped some of these exploit codes to make a poc capable to pop a reverse shell 
on my environment. IP address and port of the reverse shell are hardcoded and must be changed ofc.

Exploit analysis and walkthough have been described in a two-part videos in my youtube channel (ITA language, ENG subtitles):
- Part 1: https://youtu.be/Z6I4adGuJ1c
- Part 2: https://youtu.be/Z6I4adGuJ1c
File Snapshot

 [4.0K]  /data/pocs/743796bb6a8fc17b0818000a2e12c9c7c661de93
├── [ 573]  README.md
└── [3.3K]  watchtowel.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.