automatic module_metadata_base.json update
This commit is contained in:
parent
3f9e4e2d82
commit
4e17ccede4
|
@ -18078,15 +18078,19 @@
|
|||
"disclosure_date": null,
|
||||
"type": "auxiliary",
|
||||
"author": [
|
||||
"Meh Chang",
|
||||
"Orange Tsai",
|
||||
"lynx (Carlos Vieira)",
|
||||
"mekhalleh (RAMELLA Sébastien)"
|
||||
],
|
||||
"description": "Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6.7 and 6.0.0 to\n 6.0.4 are vulnerable to a path traversal vulnerability within the SSL VPN\n web portal which allows unauthenticated attackers to download FortiOS system\n files through specially crafted HTTP requests.\n\n This module exploits this vulnerability to read the usernames and passwords\n of users currently logged into the FortiOS SSL VPN, which are stored in\n plaintext in the \"/dev/cmdb/sslvpn_websession\" file on the VPN server.",
|
||||
"references": [
|
||||
"CVE-2018-13379",
|
||||
"URL-https://www.fortiguard.com/psirt/FG-IR-18-384",
|
||||
"EDB-47287",
|
||||
"EDB-47288"
|
||||
"EDB-47288",
|
||||
"URL-https://www.fortiguard.com/psirt/FG-IR-18-384",
|
||||
"URL-https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
|
||||
"URL-https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/"
|
||||
],
|
||||
"platform": "",
|
||||
"arch": "",
|
||||
|
@ -18107,7 +18111,7 @@
|
|||
"https"
|
||||
],
|
||||
"targets": null,
|
||||
"mod_time": "2021-06-03 07:57:31 +0000",
|
||||
"mod_time": "2022-04-16 06:52:59 +0000",
|
||||
"path": "/modules/auxiliary/gather/fortios_vpnssl_traversal_creds_leak.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "gather/fortios_vpnssl_traversal_creds_leak",
|
||||
|
@ -18115,6 +18119,15 @@
|
|||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"Reliability": [
|
||||
|
||||
],
|
||||
"SideEffects": [
|
||||
"ioc-in-logs"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": false
|
||||
|
|
Loading…
Reference in New Issue