CVE-2024-23113 PoC — Fortinet FortiOS Format String Vulnerability

Source
Associated Vulnerability
Title: Fortinet FortiOS Format String Vulnerability (CVE-2024-23113)
Description: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Description
CVE-2024-23113-Private-POC
Readme
**CVE-2024-23113: Critical Remote Code Execution (RCE) vulnerability in VMware vSphere.**
Description: This vulnerability impacts vSphere's API gateway, where inadequate input validation allows a malicious actor with network access to trigger arbitrary code execution via specially crafted requests. Unauthorized attackers can exploit this to potentially compromise sensitive systems and data.

**Vulnerability Overview**
CVE-2024-23113 is an RCE vulnerability that enables attackers to run arbitrary commands on the target system through malformed network requests. The issue arises from improper handling of inputs, permitting unauthorized actions on the affected system. Remote attackers may leverage this flaw for system compromise and access to sensitive information.

Issue: Insufficient input validation or access control flaw in vSphere’s API gateway.
Impact: Allows remote, unauthenticated attackers to execute arbitrary code or access sensitive data.
Severity: High (risk of remote exploitation).
Mitigation: Update to the latest software version and monitor for suspicious activity.
Affected Systems: Refer to affected software documentation for precise version details.

![image](https://github.com/user-attachments/assets/0d11da60-9375-4ba3-81e7-3e60c0ecdc6b)


**Private Exploit (Limited to 100 Hands)**

Access exploit via private sale: 

**[Download](https://satoshidisk.com/pay/CMjDLC)**

**Exploit Requirements**
Python: Version 3.9 or higher.
**Dependencies:** Run `pip install requests` to install required packages.

**Exploit Instructions for CVE-2024-23113**
Prepare the Target: Ensure the target is running a vulnerable software version.

Clone the Exploit: Obtain exploit.py from a private repository.

Execute Commands: Run arbitrary commands on the target system with the following command:


```
python exploit.py -h <target_ip> -p <target_port> -c '<command>'
```

Example:

```
python exploit.py -h 192.168.1.10 -p 8080 -c 'uname -a'
```

Optional Flags:

- `-t`: Specify custom timeout (default is 10 seconds).
- `-r`: Retry attempts if initial exploit fails.

Sample Command:

```
python exploit.py -h 10.0.0.5 -p 443 -c 'whoami'
```

Post-Exploitation: Upon successful execution, command output will display. Chain commands to escalate privileges or extract data as necessary.

Important Notes
Environment: Use only in controlled environments where testing is authorized.
Access: Ensure network access to the target system.
Patch: Apply patches post-testing to secure against unauthorized exploitation.

**Contact**
For inquiries, contact: groshi@thesecure.biz

**Use this exploit responsibly in secure environments only.**
File Snapshot

```
[4.0K] /data/pocs/07a1e27456607d99eeb4727e4129d19b31ef4286
├── [  35] Download
└── [2.6K] README.md

0 directories, 2 files
```