
CVE-2021-42756 PoC — Fortinet FortiWeb Buffer Error Vulnerability

Source
Associated Vulnerability
Title: Fortinet FortiWeb Buffer Error Vulnerability (CVE-2021-42756)
Description: Fortinet FortiWeb is a web application firewall from the US company Fortinet. It blocks threats such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, securing web applications and protecting sensitive database contents. Fortinet FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, and 6.4 all versions contain a security vulnerability caused by multiple stack-based buffer overflows in the proxy daemon; an attacker can exploit it via specially crafted HTTP
Readme
# CVE-2021-42756

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

## Summary

When Man-in-the-Browser (MitB) protection is enabled, the length of the protected fields is not limited, so an over-long value in a protected field can overflow a stack buffer in the proxy daemon.
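As an added illustration (not code from this PoC repository and not FortiWeb's code), the C program below models the bug class the summary describes: a fixed-size stack buffer for one protected field, an unchecked copy of an attacker-controlled field value that runs past it into adjacent frame data, and the length check that rejects such a value before copying. The struct layout, `FIELD_MAX`, the `guard` marker, the field names and the request body are all assumptions for the demonstration; the unchecked copy is clamped to the struct size only so the demo stays defined, which a real stack frame does not do.

```c
/* Added illustration of CWE-121 as described for the MitB protected fields.
 * Hypothetical model only; not FortiWeb's proxy daemon code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16                 /* assumed size of the per-field stack buffer */
#define GUARD_INTACT 0xA5A5A5A5u     /* marker standing in for saved frame data */

/* Model of the frame while one protected field is copied: the field buffer
 * sits directly below data the daemon relies on afterwards (here a guard
 * word; in a real frame the saved frame pointer or return address). */
struct field_frame {
    char     value[FIELD_MAX];
    uint32_t guard;
};

/* Vulnerable pattern: the copy trusts the attacker-controlled length.
 * Any value longer than FIELD_MAX overwrites f->guard. The clamp to
 * sizeof(*f) exists only to keep this demo inside the object. */
static uint32_t copy_field_unchecked(struct field_frame *f,
                                     const char *src, size_t len)
{
    f->guard = GUARD_INTACT;
    size_t n = len < sizeof(*f) ? len : sizeof(*f);
    memcpy((char *)f, src, n);       /* overruns value[] when len > FIELD_MAX */
    return f->guard;
}

/* Hardened pattern: bound the length before copying and fail closed. */
static int copy_field_checked(struct field_frame *f,
                              const char *src, size_t len)
{
    f->guard = GUARD_INTACT;
    if (len >= FIELD_MAX)            /* keep room for the terminator */
        return -1;                   /* reject the request, copy nothing */
    memcpy(f->value, src, len);
    f->value[len] = '\0';
    return 0;
}

/* Locate a form field's value by name in a URL-encoded body such as
 * "user=bob&token=AAAA". Returns a pointer into body and sets *len;
 * no decoding and no allocation. */
static const char *find_field(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *e = strchr(v, '&');
            *len = e ? (size_t)(e - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    *len = 0;
    return NULL;
}

/* Run both copies over the named field of a request body.
 * Returns 1 when the unchecked copy corrupted the guard and the checked
 * copy rejected the same value; 0 otherwise (short value or missing field). */
int demo_overflow(const char *body, const char *field)
{
    size_t len;
    const char *v = find_field(body, field, &len);
    if (!v)
        return 0;
    struct field_frame a, b;
    uint32_t guard_after = copy_field_unchecked(&a, v, len);
    int rc = copy_field_checked(&b, v, len);
    return guard_after != GUARD_INTACT && rc == -1;
}

int main(void)
{
    /* Constructed request body: the "token" field is 24 bytes, above FIELD_MAX. */
    const char *body = "user=bob&token=AAAAAAAAAAAAAAAAAAAAAAAA&x=1";
    printf("overflow reproduced: %d\n", demo_overflow(body, "token"));
    return 0;
}
```

Compile with `cc -o demo demo.c && ./demo`. The point of the model is the asymmetry between the two copies: the unchecked one has no way to know it has left `value[]`, while the checked one decides on `len` before touching the buffer, which is the fix shape for this class of bug.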

## PoC

Environment: FortiWeb 6.3.4

![PoC screenshot](https://github.com/3ndorph1n/CVE-2021-42756/blob/main/poc.png)

## References

* [PSIRT Advisories | FortiGuard](https://www.fortiguard.com/psirt/FG-IR-21-186)
File Snapshot

```
[4.0K] /data/pocs/a89d1c9bb7320958349e3977425e55afd272ba43
├── [3.0K] CVE-2021-42756.py
├── [125K] poc.png
└── [ 706] README.md

0 directories, 3 files
```