CVE-2018-13379

This exploit leverages a path traversal vulnerability in Fortinet FortiOS SSL VPN to read the `/dev/cmdb/sslvpn_websession` file, which contains cleartext login credentials. It sends a crafted HTTP request to leak sensitive data and parses the binary response.

This exploit leverages a path traversal vulnerability in Fortinet FortiOS to read sensitive session files containing cleartext credentials. It checks for vulnerability, leaks the file, and parses it to extract readable data.

This PoC exploits CVE-2018-13379, a path traversal vulnerability in FortiOS SSL VPN, to leak session files containing sensitive information. It checks for vulnerable endpoints and dumps the contents of `/dev/cmdb/sslvpn_websession` for analysis.

This repository contains an Nmap NSE script for detecting CVE-2018-13379, a path traversal vulnerability in Fortinet FortiOS SSL VPN web portal. The script is designed to identify the vulnerability by crafting HTTP requests to download system files.

This Metasploit module exploits a path traversal vulnerability in FortiOS SSL VPN to leak credentials from the `/dev/cmdb/sslvpn_websession` file. It sends a crafted HTTP request to retrieve sensitive data and optionally stores credentials in the database.

This is a Python script designed to scan for CVE-2018-13379, a path traversal vulnerability in Fortinet FortiOS SSL VPN. It checks for the presence of the vulnerability by attempting to access a specific file path and verifying the response.

This PoC exploits CVE-2018-13379, a path traversal vulnerability in FortiOS SSL VPN, to leak sensitive session files containing credentials in cleartext. It automates the process of checking vulnerability status and extracting data from affected hosts.

This exploit targets CVE-2018-13379, a path traversal vulnerability in FortiOS SSL VPN web portal. It leaks sensitive session files containing credentials by accessing an unauthorized file path. The script automates the exploitation process and parses the leaked data.

This repository contains a tool to scan for vulnerable Fortigate hosts affected by CVE-2018-13379 using Rapid7 Project Sonar data. It leverages the Tor network for anonymity and checks for the presence of the vulnerability by sending HTTP requests to a specific path.

This repository contains a functional multi-threaded exploit for CVE-2018-13379, a path traversal vulnerability in Fortinet FortiOS SSL VPN. The exploit reads session files to extract cleartext credentials and saves them to CSV and PostgreSQL.

This repository contains a bash script that scans for CVE-2018-13379, a path traversal vulnerability in Fortinet FortiOS SSL VPN. The script checks for vulnerable hosts by sending crafted HTTP requests to download system files.

This is a functional proof-of-concept exploit for CVE-2018-13379, a path traversal vulnerability in Fortinet FortiGate SSL VPN. It allows unauthenticated attackers to download system files, specifically targeting session files via a crafted HTTP request.

This is a functional exploit for CVE-2018-13379, a path traversal vulnerability in Fortinet FortiOS SSL VPN. It downloads session files and extracts usernames and session tokens for unauthorized access.

This repository contains IOCs (Indicators of Compromise) related to CVE-2018-13379 and its exploitation by threat actors, specifically referencing Cobalt Strike. It does not contain exploit code but provides attribution and references to external analysis.

This repository contains a scanner for CVE-2018-13379, a path traversal vulnerability in Fortinet SSL VPN. The script checks for the vulnerability by sending a crafted HTTP request to the target and analyzing the response.