CVE-2018-13379

Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

POC

Reference

- https://fortiguard.com/advisory/FG-IR-18-384

Github

- https://github.com/0ps/pocassistdb

- https://github.com/0xHunter/FortiOS-Credentials-Disclosure

- https://github.com/0xT11/CVE-POC

- https://github.com/1ASI0540-2510-13992-G4/report

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/sectool

- https://github.com/7Elements/Fortigate

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Advisory-Newsletter/Conti-Ransomware

- https://github.com/Advisory-Newsletter/Cring-Ransomware

- https://github.com/Advisory-Newsletter/REvil-

- https://github.com/B1anda0/CVE-2018-13379

- https://github.com/Blazz3/cve2018-13379-nmap-script

- https://github.com/BunNYb8989/Conti

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/GhostTroops/TOP

- https://github.com/HimmelAward/Goby_POC

- https://github.com/JERRY123S/all-poc

- https://github.com/Legadro/Legadro-Forti-Scanner

- https://github.com/MelanyRoob/Goby

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/RedcentricCyber/Fortigate

- https://github.com/SV223/TryHackMe-Conti

- https://github.com/SexyBeast233/SecBooks

- https://github.com/TebbaaX/Vault6

- https://github.com/TylersTech2020/AllinOnePenTest

- https://github.com/W01fh4cker/Serein

- https://github.com/Whitehorse-rainbow/-Infiltration-summary

- https://github.com/YannickAtabong9/CONTI

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZTK-009/RedTeamer

- https://github.com/Zeop-CyberSec/fortios_vpnssl_traversal_leak

- https://github.com/akmalovaa/crowdsec-blocklist

- https://github.com/alphaSeclab/sec-daily-2020

- https://github.com/amcai/myscan

- https://github.com/anasbousselham/fortiscan

- https://github.com/aryanchoudhary11/CEH-Modules

- https://github.com/aryanchoudhary11/Footprinting-and-Reconnaissance

- https://github.com/bincentc/IT-and-OT-Convergance

- https://github.com/cetriext/fireeye_cves

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/demforce/FortiFuck-Checker

- https://github.com/doylej123/jack-doyle-project

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/gobysec/Goby

- https://github.com/hktalent/TOP

- https://github.com/iGotRootSRC/Dorkers

- https://github.com/imthenachoman/How-To-Secure-A-Linux-Server

- https://github.com/izj007/wechat

- https://github.com/jam620/forti-vpn

- https://github.com/jbmihoub/all-poc

- https://github.com/jpiechowka/at-doom-fortigate

- https://github.com/jweny/pocassistdb

- https://github.com/k4nfr3/CVE-2018-13379-Fortinet

- https://github.com/kh4sh3i/CVE-2018-13379

- https://github.com/koorchik/dissert

- https://github.com/koorchik/llm-analysis-of-text-data

- https://github.com/merlinepedra/nuclei-templates

- https://github.com/merlinepedra25/nuclei-templates

- https://github.com/milo2012/CVE-2018-13379

- https://github.com/murchie85/twitterCyberMonitor

- https://github.com/n0-traces/cve_monitor

- https://github.com/nescam123/forti

- https://github.com/nholuongut/secure-a-linux-server

- https://github.com/nitish778191/fitness_app

- https://github.com/nivdolgin/CVE-2018-13379

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/password520/RedTeamer

- https://github.com/pondoksiber/Catatan_CVE

- https://github.com/pwn3z/CVE-2018-13379-FortinetVPN

- https://github.com/r0eXpeR/supplier

- https://github.com/retr0-13/Goby

- https://github.com/scagogogo/cve

- https://github.com/sobinge/nuclei-templates

- https://github.com/soosmile/POC

- https://github.com/triw0lf/Security-Matters-22

- https://github.com/warriordog/little-log-scan

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whitfieldsdad/epss

- https://github.com/whoami13apt/files2

- https://github.com/yukar1z0e/CVE-2018-13379

- https://github.com/zhanpengliu-tencent/medium-cve