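Related vulnerability
Title:
Fortinet FortiOS format string vulnerability
(CVE-2024-23113)
Description: Fortinet FortiOS is the security operating system from the US company Fortinet that runs on the FortiGate network security platform. It provides firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security functions. Fortinet FortiOS contains a format string vulnerability caused by the use of an externally controlled format string, which allows an attacker to execute unauthorized code or commands via specially crafted packets.
Introduction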
# CVE-2024-23113 FortiOS Test Environment
A Docker-based test environment for validating CVE-2024-23113 Nuclei templates against simulated vulnerable FortiOS instances.
## 🔍 Overview
This environment simulates vulnerable FortiOS HTTP interfaces to test the detection capabilities of CVE-2024-23113 Nuclei templates. It provides realistic FortiOS responses including login pages, API endpoints, and proper version information.
## 🚀 Quick Start
### Prerequisites
- Docker
- Docker Compose
- Nuclei (for testing)
### Basic Setup
1. **Clone and build:**
   ```bash
   git clone <this-repository>
   cd cve-2024-23113-test-env
   docker-compose up -d
   ```
2. **Verify the environment:**
   ```bash
   curl http://localhost:8080/
   ```
3. **Test with Nuclei:**
   ```bash
   # Test against vulnerable instance
   nuclei -t CVE-2024-23113.yaml -u http://localhost:8080 -v
   # Test with debug output
   nuclei -t CVE-2024-23113.yaml -u http://localhost:8080 -debug
   ```
## 🎯 Available Environments
### Default Environment
- **Service**: `fortios-vulnerable`
- **Port**: `8080`
- **Version**: FortiOS v7.2.5 (vulnerable)
- **URL**: `http://localhost:8080`
### Additional Test Environments
```bash
# Start patched version for comparison
docker-compose --profile patched up -d
# Start multiple vulnerable versions
docker-compose --profile multiple up -d
```
#### Available Profiles:
- **Default**: FortiOS v7.2.5 (vulnerable) - Port 8080
- **Patched**: FortiOS v7.2.7 (patched) - Port 8081
- **Multiple**:
  - FortiOS v7.4.1 (vulnerable) - Port 8082
  - FortiOS v7.0.10 (vulnerable) - Port 8083
## 🔧 Configuration
### Environment Variables
| Variable | Description | Default |
|----------|-------------|---------|
| `FORTIOS_VERSION` | FortiOS version to simulate | `7.2.5` |
| `PORT` | Container internal port | `8080` |
### Custom Version
```bash
# Run specific version
docker run -p 8080:8080 -e FORTIOS_VERSION=7.4.2 cve-2024-23113-test
```
## 📡 API Endpoints
The simulated FortiOS provides these endpoints:
| Endpoint | Description | Content-Type |
|----------|-------------|--------------|
| `/` | Main login page | `text/html` |
| `/login` | Login form | `text/html` |
| `/remote/login` | Remote access portal | `text/html` |
| `/api/v2/monitor/system/status` | System status API | `application/json` |
| `/api/v2/cmdb/system/global` | Global config API | `application/json` |
### Example API Response
```json
{
  "version": "v7.2.5",
  "hostname": "TEST-FORTIGATE",
  "serial": "FGTVM1234567890",
  "build": 1396,
  "model": "FortiGate-VM64"
}
```
## 🧪 Testing Scenarios
### Vulnerable Versions Detection
```bash
# Test vulnerable versions
nuclei -t CVE-2024-23113.yaml -u http://localhost:8080 # v7.2.5
nuclei -t CVE-2024-23113.yaml -u http://localhost:8082 # v7.4.1
nuclei -t CVE-2024-23113.yaml -u http://localhost:8083 # v7.0.10
```
### Patched Version Validation
```bash
# Test patched version (should not detect)
nuclei -t CVE-2024-23113.yaml -u http://localhost:8081 # v7.2.7
```
### Batch Testing
```bash
# Test all instances
echo -e "http://localhost:8080\nhttp://localhost:8081\nhttp://localhost:8082\nhttp://localhost:8083" | nuclei -t CVE-2024-23113.yaml -l /dev/stdin
```
## 🔍 Manual Testing
### Check Service Response
```bash
# Basic connectivity
curl -v http://localhost:8080/
# API endpoint
curl -s http://localhost:8080/api/v2/monitor/system/status | jq .
# Check headers
curl -I http://localhost:8080/
```
### Expected Vulnerable Indicators
- **HTML**: Contains `FortiOS v7.2.5`
- **Server Header**: `FortiGate-HTTP/v7.2.5`
- **API Response**: `"version": "v7.2.5"`
## 🐛 Troubleshooting
### Common Issues
#### Port Already in Use
```bash
# Check what's using the port
netstat -tlnp | grep 8080
# Use different port
docker-compose up -d --scale fortios-vulnerable=0
docker run -p 8090:8080 cve-2024-23113-test
```
#### Container Won't Start
```bash
# Check logs
docker-compose logs fortios-vulnerable
# Rebuild image
docker-compose build --no-cache
```
#### Health Check Failing
```bash
# Check container health
docker ps
docker exec cve-2024-23113-vulnerable curl -f http://localhost:8080/
```
### Debugging
```bash
# View real-time logs
docker-compose logs -f
# Interactive shell
docker exec -it cve-2024-23113-vulnerable /bin/bash
# Test from inside container
docker exec cve-2024-23113-vulnerable curl localhost:8080
```
## 📋 Vulnerable Versions
This environment can simulate any of these vulnerable versions:
### FortiOS
- 7.4.0, 7.4.1, 7.4.2
- 7.2.0 through 7.2.6
- 7.0.0 through 7.0.13
### FortiProxy
- 7.4.0, 7.4.1, 7.4.2
- 7.2.0 through 7.2.8
- 7.0.0 through 7.0.14
### Example Usage
```bash
# Test different vulnerable versions
docker run -p 8080:8080 -e FORTIOS_VERSION=7.4.0 cve-2024-23113-test
docker run -p 8081:8080 -e FORTIOS_VERSION=7.0.13 cve-2024-23113-test
```
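The version-banner matching that this environment exercises can be reproduced offline to cross-check a template's verdict. The sketch below is an added example, not code from `server.py` or from the Nuclei template. It reads the three indicators listed under "Expected Vulnerable Indicators" and compares them with the FortiOS ranges under "Vulnerable Versions". The function names and sample responses are assumptions constructed for illustration.

```python
import json
import re

# FortiOS ranges copied from the page's "Vulnerable Versions" list (inclusive).
FORTIOS_VULNERABLE = [
    ((7, 4, 0), (7, 4, 2)),
    ((7, 2, 0), (7, 2, 6)),
    ((7, 0, 0), (7, 0, 13)),
]
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

# Constructed sample responses in the shapes the README documents.
SAMPLE_HEADER = "FortiGate-HTTP/v7.2.5"
SAMPLE_HTML = "<title>FortiOS v7.2.5</title>"
SAMPLE_API = '{"version": "v7.2.5", "hostname": "TEST-FORTIGATE"}'


def parse_version(text):
    """Return (major, minor, patch) from strings like 'v7.2.5', else None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(version):
    """Compare as integer tuples; string comparison would misorder 7.0.10 and 7.0.9."""
    return any(lo <= version <= hi for lo, hi in FORTIOS_VULNERABLE)


def classify(server_header, html_body, api_body):
    """Read the version from each indicator and return a single verdict."""
    seen = {"header": parse_version(server_header)}
    m = re.search(r"FortiOS\s+(v[\d.]+)", html_body or "")
    seen["html"] = parse_version(m.group(1)) if m else None
    try:
        seen["api"] = parse_version(json.loads(api_body).get("version", ""))
    except (ValueError, AttributeError, TypeError):
        seen["api"] = None  # body was not the JSON object the API documents
    versions = {v for v in seen.values() if v}
    if not versions:
        return "unknown"
    if len(versions) > 1:
        return "inconsistent"  # indicators disagree; one banner alone is not evidence
    return "vulnerable" if is_vulnerable(versions.pop()) else "not-vulnerable"


if __name__ == "__main__":
    print(classify(SAMPLE_HEADER, SAMPLE_HTML, SAMPLE_API))
```

A verdict here reflects only the advertised version string, which is all the simulated HTTP interface exposes. The FortiProxy ranges are not included.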
## 🏗️ Development
### Building from Source
```bash
# Build image
docker build -t cve-2024-23113-test .
# Run manually
docker run -p 8080:8080 cve-2024-23113-test
```
### Customizing Responses
Edit `server.py` to modify:
- HTML responses
- API endpoint data
- Server headers
- Version information
## ⚠️ Security Notice
**This is a test environment only:**
- ✅ Use for security testing and template validation
- ✅ Use in isolated lab environments
- ❌ **Never expose to public networks**
- ❌ **Never use in production**
## 📚 References
- [CVE-2024-23113 Details](https://nvd.nist.gov/vuln/detail/CVE-2024-23113)
- [Fortinet Security Advisory](https://www.fortiguard.com/psirt/FG-IR-24-029)
- [CISA KEV Catalog](https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog)
- [Nuclei Templates Repository](https://github.com/projectdiscovery/nuclei-templates)
## 📞 Support
For issues with this test environment:
1. Check the troubleshooting section
2. Review container logs
3. Verify Nuclei template syntax
4. Test with manual curl requests
---
**Remember**: This environment is for authorized security testing only. Always ensure you have permission before testing any systems.
File snapshot
[4.0K] /data/pocs/ce7db180a1af7f482a3ff43a415adf45ba84c75a
├── [1.8K] docker-compose.yml
├── [ 497] Dockerfile
├── [6.0K] README.md
└── [6.9K] server.py
0 directories, 4 files