Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-23113 PoC — Fortinet FortiOS 格式化字符串错误漏洞

Source
https://github.com/radoslavatanasov1/CVE-2024-23113
Associated Vulnerability
Title:Fortinet FortiOS 格式化字符串错误漏洞 (CVE-2024-23113)
Description:Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS存在格式化字符串错误漏洞,该漏洞源于使用外部控制的格式字符串,允许攻击者通过特制数据包执行未经授权的代码或命令。
Description
POC TO RCE
Readme
you have to find the correct offsets             payload = b"reply 200\r\nrequest=auth\r\nauthip=<address_of_system> <address_of_command_string>\r\n\r\n\x00"
and place them there, after that the script will sucessfully upload your commands hense RCE

PLEASE DO NOT USE THIS FOR ANY MAL ACTIVICY, I DO THIS FOR FUN AND ANYTHING YOU DO YOURE ON YOUR OWN!
File Snapshot

 [4.0K]  /data/pocs/92d3a92b632ed54f76f86ba7cd25a0400403325a
├── [3.1K]  exploit.py
└── [ 353]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.