
PoC details: 85366da5fa089d2e4bc7e6cd4b55b791074d9eaa

Related vulnerability
Title: Fortinet FortiWeb SQL injection vulnerability (CVE-2025-25257)
Description: Fortinet FortiWeb is a web application firewall from the US company Fortinet. It blocks threats such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, securing web applications and protecting sensitive database content. Fortinet FortiWeb 7.6.3 and earlier, 7.4.7 and earlier, 7.2.10 and earlier, and versions before 7.0.10 contain a SQL injection vulnerability caused by improper neutralization of special elements used in an SQL command, which may allow SQL injection attacks.
Description
CVE-2025-25257 PoC for educational use and/or authorised pentesting.
Introduction
# Fortinet FortiWeb CVE-2025-25257 Vulnerability Tester

[![PowerShell](https://img.shields.io/badge/PowerShell-5.1+-blue.svg)](https://docs.microsoft.com/en-us/powershell/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## Description

This PowerShell script is designed for **authorized penetration testing** purposes only. It tests Fortinet FortiWeb appliances for CVE-2025-25257, an unauthenticated SQL injection vulnerability in the `/api/fabric/device/status` endpoint.

The script:
- Ignores TLS certificate errors for testing environments.
- Accepts a single target (IP/DNS with optional port) or a list of targets from a file.
- If no port is specified, it scans common ports: 541, 443, 10443, 8443, 4433.
- Sends an HTTP HEAD request to check endpoint accessibility.
- If accessible, sends a GET request with a SQL injection payload in the Authorization header to test for the vulnerability.

**Important Disclaimer:**  
This tool is intended solely for ethical, authorized use in penetration testing or vulnerability assessment scenarios. Unauthorized use may violate laws such as the Computer Fraud and Abuse Act (CFAA) or equivalent regulations in your jurisdiction. Ensure you have explicit permission from the target owner before running this script. The author assumes no liability for misuse.

## Requirements

- PowerShell 5.1 or later (compatible with Windows PowerShell or PowerShell Core).
- Administrative privileges may be required depending on your environment.
- No additional modules needed; uses built-in `Invoke-WebRequest`.

## Installation

1. Clone the repository:
   ```
   git clone https://github.com/mr-r3b00t/CVE-2025-25257.git
   ```
2. Navigate to the project directory:
   ```
   cd CVE-2025-25257
   ```

The script is located at `script.ps1`.

## Usage

Run the script from PowerShell with one of the following options:

### Single Target
Specify a single IP or DNS name, optionally with a port (e.g., `192.168.1.1:443`).

```
.\script.ps1 -Target "192.168.1.1:443"
```
Or without port (scans default ports):
```
.\script.ps1 -Target "example.com"
```

### Input File
Provide a text file with one target per line (e.g., `targets.txt`).

```
.\script.ps1 -InputFile "targets.txt"
```

Example `targets.txt` content:
```
192.168.1.1:443
example.com
10.0.0.1
```

### Output
The script will output results for each target and port, including:
- Accessibility check (HEAD request).
- Vulnerability test results (GET request with payload).
- Response status and content if applicable.

Sample Output:
```
Testing https://192.168.1.1:443/api/fabric/device/status for CVE-2025-25257
Endpoint accessible (HEAD 200 OK). Proceeding with GET request for vulnerability test.
GET Response Status: 200
Potential vulnerability detected (200 OK with payload). Check content for confirmation.
GET Response Content: {"devices": [...]}
```

## How It Works

1. **TLS Certificate Bypass:** Configures PowerShell to skip certificate validation for testing.
2. **Target Parsing:** Handles single targets or file inputs, parsing optional ports.
3. **Port Scanning:** Tries predefined ports if none specified.
4. **HEAD Request:** Checks if the endpoint is reachable.
5. **GET Request with Payload:** Uses a SQL injection test in the `Authorization` header (`Bearer AAAAAA'or'1'='1`).
6. **Vulnerability Indication:** A 200 OK response with the payload may indicate vulnerability; manual verification is recommended.
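
The affected version ranges stated in the vulnerability description above and the request pattern in steps 4 to 6 both lend themselves to defender-side checks. The following Python block is an added example and is not part of this repository or of Fortinet's tooling. It encodes the page's stated version ranges in a helper for inventory review, and runs a simple detection over constructed, labelled sample access-log lines (the line format is an assumption made for this example; real FortiWeb logs differ), flagging Bearer tokens sent to the `/api/fabric/device/status` endpoint that contain characters outside the RFC 6750 token68 character set, which is where a quote-based injection attempt shows up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Affected branches exactly as the description on this page states them:
# (major, minor) -> (upper bound, bound inclusive?)
AFFECTED_BRANCHES = {
    (7, 6): ((7, 6, 3), True),    # 7.6.3 and earlier
    (7, 4): ((7, 4, 7), True),    # 7.4.7 and earlier
    (7, 2): ((7, 2, 10), True),   # 7.2.10 and earlier
    (7, 0): ((7, 0, 10), False),  # "before 7.0.10" as worded on the page
}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse a dotted three-part version such as '7.4.7' (optional leading 'v')."""
    parts = v.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def is_affected_version(v: str) -> bool:
    """True if the version falls inside one of the ranges listed above."""
    ver = parse_version(v)
    entry = AFFECTED_BRANCHES.get(ver[:2])
    if entry is None:
        return False  # branch not named in the description; treat as out of scope
    bound, inclusive = entry
    return ver <= bound if inclusive else ver < bound


# Constructed sample log lines (format assumed for this example):
# <client ip> <method> <path> <status> <raw Authorization header value or ->
SAMPLE_LOG = """\
203.0.113.10 HEAD /api/fabric/device/status 200 -
203.0.113.10 GET /api/fabric/device/status 200 Bearer AAAAAA'or'1'='1
198.51.100.7 GET /api/fabric/device/status 401 Bearer c2VjcmV0dG9rZW4=
198.51.100.7 GET /login 200 -
"""

LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<auth>.*)$"
)
# RFC 6750 token68 characters; anything else in a Bearer token is not a real token.
TOKEN_OK = re.compile(r"[A-Za-z0-9._~+/=-]+")
TARGET_PATH = "/api/fabric/device/status"


@dataclass
class Finding:
    ip: str
    path: str
    status: int
    auth: str
    reason: str


def suspicious_bearer(auth: str) -> Optional[str]:
    """Return a reason string if the Authorization value is a malformed Bearer token."""
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer":
        return None
    if not token or not TOKEN_OK.fullmatch(token):
        return "bearer token contains characters outside the token68 charset"
    return None


def find_suspicious_requests(log_text: str) -> List[Finding]:
    """Scan log lines for requests to the affected endpoint with a malformed Bearer token."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"] != TARGET_PATH:
            continue
        reason = suspicious_bearer(m["auth"])
        if reason:
            findings.append(Finding(m["ip"], m["path"], int(m["status"]), m["auth"], reason))
    return findings


if __name__ == "__main__":
    for v in ("7.6.3", "7.6.4", "7.0.9", "7.0.10"):
        print(f"{v}: {'affected' if is_affected_version(v) else 'not listed as affected'}")
    for f in find_suspicious_requests(SAMPLE_LOG):
        print(f"{f.ip} -> {f.path} ({f.status}): {f.reason}")
```

A 200 response on a flagged line is the condition step 6 calls a potential hit and still needs manual confirmation; a 401 on a flagged line is a blocked attempt worth correlating with the source address.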

## Limitations

- This is a basic proof-of-concept tester and does not exploit the vulnerability—only tests for potential exposure.
- False positives and negatives are possible; always confirm against the official Fortinet advisories.
- No support for HTTP (only HTTPS).
- Timeout set to 10 seconds per request.

## Contributing

Contributions are welcome! Please fork the repository and submit a pull request with improvements, bug fixes, or additional features.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## References

- CVE-2025-25257 Details: [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-25257) (placeholder; replace with actual link if available).
- Fortinet Security Advisory: [Fortinet PSIRT](https://www.fortiguard.com/psirt).

For questions or issues, open a GitHub issue.
File snapshot

```
[4.0K] /data/pocs/85366da5fa089d2e4bc7e6cd4b55b791074d9eaa
├── [3.7K] CVE-2025-25257.ps1
└── [4.2K] README.md

1 directory, 2 files
```