CVE-2023-27997
FortiOS/FortiProxy SSL-VPN Heap-based Buffer Overflow
Severity: CRITICAL | CISA KEV | Ransomware use
Exploitation Summary
CVE-2023-27997 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 13, 2023, with confirmed use in ransomware campaigns. EIP tracks 12 public exploits from researchers including BishopFox, lexfo, rio128128.
AI-analyzed exploit summary: This repository contains a Python-based scanner that detects the presence of CVE-2023-27997, a heap-based buffer overflow in FortiGate SSL VPN, by analyzing response timing differences between valid and invalid requests. It does not exploit the vulnerability but safely identifies vulnerable instances.
Description
A heap-based buffer overflow vulnerability [CWE-122] in the SSL-VPN component of FortiOS and FortiProxy may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. Affected versions (vendor wording):
FortiOS 7.2.4 and below, 7.0.11 and below, 6.4.12 and below, 6.0.16 and below
FortiProxy 7.2.3 and below, 7.0.9 and below, 2.0.12 and below, 1.2 all versions, 1.1 all versions
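The affected ranges above map directly onto a triage check. The helper below is an added example written for this page; it is not code from Fortinet or from any of the repositories listed further down. It encodes only the ranges stated in the description and returns None for any release train the advisory text does not mention, so an unlisted branch is reported as "not assessable" instead of being silently treated as fixed. The status-line format it also accepts (`Version: FortiGate-VM64 v7.2.4,build9999,230101 (GA)`) is an assumption about `get system status` output, and the hostnames and build numbers in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges exactly as stated in the advisory text above, keyed by
# product and (major, minor) release train. The value is the highest affected
# patch level in that train; None means every release of the train is affected.
AFFECTED: Dict[str, Dict[Tuple[int, int], Optional[int]]] = {
    "FortiOS": {(7, 2): 4, (7, 0): 11, (6, 4): 12, (6, 0): 16},
    "FortiProxy": {(7, 2): 3, (7, 0): 9, (2, 0): 12, (1, 2): None, (1, 1): None},
}

_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Pull major.minor.patch out of a bare version ('7.2.4') or a status line
    such as 'Version: FortiGate-VM64 v7.2.4,build9999,230101 (GA)'.
    (The status-line format is an assumption about `get system status`.)"""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return major, minor, patch


def is_affected(product: str, version: str) -> Optional[bool]:
    """True/False when the release train is covered by the advisory ranges,
    None when the train is not mentioned there at all. A None must be triaged
    by hand against the vendor advisory; it is not evidence of being fixed."""
    trains = AFFECTED[product]
    major, minor, patch = parse_version(version)
    if (major, minor) not in trains:
        return None
    ceiling = trains[(major, minor)]
    return True if ceiling is None else patch <= ceiling


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map (host, product, version-or-status-line) tuples to (host, verdict)."""
    labels = {
        True: "AFFECTED",
        False: "not in affected range",
        None: "train not listed; check vendor advisory",
    }
    return [(host, labels[is_affected(product, ver)]) for host, product, ver in inventory]


if __name__ == "__main__":
    # Constructed inventory: hostnames and build numbers are made up.
    sample = [
        ("fw-edge-1", "FortiOS", "Version: FortiGate-VM64 v7.2.4,build9999,230101 (GA)"),
        ("fw-edge-2", "FortiOS", "7.2.5"),
        ("fw-dc-1", "FortiOS", "7.4.0"),
        ("proxy-1", "FortiProxy", "1.2.14"),
    ]
    for host, verdict in triage(sample):
        print(f"{host}: {verdict}")
```

The three-way result is the point: a version comparison that only answers "affected / not affected" will quietly mark a release train the advisory never covered as safe, which is the wrong default when the text being encoded is a vendor's enumerated list rather than a complete version lattice.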
Exploits (12)
This repository contains a Python-based scanner that detects the presence of CVE-2023-27997, a heap-based buffer overflow in FortiGate SSL VPN, by analyzing response timing differences between valid and invalid requests. It does not exploit the vulnerability but safely identifies vulnerable instances.
This repository contains a functional exploit for CVE-2023-27997, a remote code execution vulnerability in FortiGate SSL VPN. The exploit leverages heap manipulation and MD5-based keystream control to overwrite SSL structs and achieve RCE on ARM32 targets.
This repository contains a functional exploit for CVE-2023-27997, leveraging a buffer overflow vulnerability to achieve remote code execution (RCE) via a crafted HTTP POST request. The exploit uses a ROP chain to execute a reverse shell payload, targeting a specific binary with hardcoded gadgets and addresses.
This repository contains a functional exploit for CVE-2023-27997, targeting FortiGate VM64 7.2.0. The exploit leverages heap spraying and MD5 hash manipulation to achieve remote code execution (RCE) via a crafted request to the `/remote/hostcheck_validate` endpoint.
This script uses the Shodan API to search for FortiOS devices vulnerable to CVE-2023-27997 by querying for specific HTTP headers and response patterns. It does not exploit the vulnerability but identifies potentially affected systems.
This repository contains a Python script that checks for the presence of CVE-2023-27997, a heap overflow vulnerability in FortiGate SSL VPN, by analyzing response time differences between crafted requests. It does not exploit the vulnerability but detects it through statistical analysis.
The repository contains a Python script that detects the presence of CVE-2023-27997, a heap-based buffer overflow vulnerability in Fortinet SSL VPN, by analyzing response time differences between crafted requests. It does not exploit the vulnerability but confirms its existence through statistical analysis.
This repository contains a GitHub Actions-based scanner for CVE-2023-27997, designed to detect vulnerable Fortinet devices by checking domains in batches. It uses Python scripts and tools like httpx/dnsx to identify vulnerable targets but does not include exploit code.
This repository contains a functional exploit PoC for CVE-2023-27997, a heap-based buffer overflow in FortiGate SSL-VPN that allows unauthenticated remote code execution. The exploit includes a ROP chain and demonstrates the vulnerability by sending a crafted GET request to the '/remote/hostcheck_validate' endpoint.
This repository contains a functional exploit for CVE-2023-27997, targeting a heap-based buffer overflow vulnerability in Fortinet FortiOS SSL-VPN. The exploit includes hash calculation, heap spraying, and payload generation to achieve remote code execution.
The PoC demonstrates a DoS vulnerability in Fortinet FortiOS/FortiProxy by sending a large number of crafted POST requests with an oversized payload to the login endpoint, causing resource exhaustion. The exploit uses multiple threads to amplify the attack.
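Several of the scanners above infer vulnerability from response-time differences between two classes of requests and reach a verdict by statistical analysis. The block below is an added example, not code from any of those repositories: it shows the decision half of such a detector, a two-sided permutation test on the difference of mean latencies, together with interleaved sampling and a constructed simulated target that stands in for real HTTP probes. It deliberately encodes nothing about the request format or which class is slower, since the summaries above do not say; the 400 ms gap and the jitter table in the simulated target are made-up values, not measured FortiOS behaviour.

```python
import random
import statistics
from typing import Callable, Dict, List, Tuple


def permutation_p_value(a: List[float], b: List[float],
                        n_perm: int = 2000, seed: int = 0) -> float:
    """Two-sided permutation test on the difference of mean latencies.

    Under the null hypothesis (request class does not affect latency) the
    labels are exchangeable, so the pooled samples are relabelled at random
    and we count how often the relabelled difference is at least as large as
    the observed one. The +1 terms keep a finite-permutation estimate off zero.
    The mean is used rather than the median on purpose: with a dozen samples a
    median barely moves when a few values swap groups, which makes a
    median-based permutation null degenerate for small samples.
    """
    observed = abs(statistics.fmean(a) - statistics.fmean(b))
    pooled = list(a) + list(b)
    k = len(a)
    rng = random.Random(seed)  # fixed seed: reproducible verdicts
    hits = 0
    for _ in range(n_perm):
        rng.shuffle(pooled)
        diff = abs(statistics.fmean(pooled[:k]) - statistics.fmean(pooled[k:]))
        if diff >= observed:
            hits += 1
    return (hits + 1) / (n_perm + 1)


def collect(send: Callable[[bool], float], rounds: int) -> Tuple[List[float], List[float]]:
    """Alternate valid and invalid probes so that drift on the path (load,
    routing changes, TLS session reuse) lands on both classes equally."""
    valid: List[float] = []
    invalid: List[float] = []
    for _ in range(rounds):
        valid.append(send(True))
        invalid.append(send(False))
    return valid, invalid


def analyze(valid_ms: List[float], invalid_ms: List[float],
            alpha: float = 0.01) -> Dict[str, object]:
    """Summarise both samples and decide whether they are distinguishable.
    Medians are reported as a sanity check because the test statistic itself
    (a mean) is sensitive to a single outlier such as a retransmission."""
    p = permutation_p_value(valid_ms, invalid_ms)
    return {
        "median_valid_ms": statistics.median(valid_ms),
        "median_invalid_ms": statistics.median(invalid_ms),
        "p_value": p,
        "distinguishable": p < alpha,
    }


def simulated_target(vulnerable: bool, seed: int = 7) -> Callable[[bool], float]:
    """Constructed stand-in for a network probe: returns a fake latency in ms
    instead of timing an HTTP request. Jitter comes from a table indexed per
    request class, so a non-vulnerable target yields identical valid and
    invalid samples (an exact null case); a vulnerable one adds a fixed,
    made-up 400 ms to the invalid class."""
    rng = random.Random(seed)
    jitter = [rng.uniform(-10.0, 10.0) for _ in range(64)]
    calls = {True: 0, False: 0}
    extra = 400.0 if vulnerable else 0.0

    def send(valid: bool) -> float:
        i = calls[valid]
        calls[valid] = i + 1
        return 100.0 + (0.0 if valid else extra) + jitter[i % len(jitter)]

    return send


if __name__ == "__main__":
    for label, flag in (("vulnerable", True), ("patched", False)):
        print(label, analyze(*collect(simulated_target(flag), rounds=12)))
```

Against a real target the `send` callable would wrap a timed request and the number of rounds would need to be much larger than twelve; the permutation test keeps working unchanged, but a verdict should never rest on a single run, because with a fixed alpha one in a hundred patched hosts will still cross the threshold by chance.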
References (2)
Scores
CVSS v3.1 base score 9.8 (Critical): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H