Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-40684 PoC — Fortinet FortiOS 授权问题漏洞

Source
https://github.com/jsongmax/Fortinet-CVE-2022-40684
Associated Vulnerability
Title:Fortinet FortiOS 授权问题漏洞 (CVE-2022-40684)
Description:An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Readme
# Fortinet-CVE-2022-40684


## 工具简介

针对 CVE-2022-40684 的快速利用工具,新手代码,有问题欢迎提issus


## 使用方法

<code> main -t http://127.0.0.1 -u admin -f path-of-ssh-key.pub </code>


## 免责声明

本工具仅面向合法授权的企业安全建设行为,例如企业内部攻防演练、漏洞验证和复测,如您需要测试本工具的可用性,请自行搭建靶机环境。

在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标使用。

如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。
File Snapshot

 [4.0K]  /data/pocs/36a62129059e80f1cabae5f330e37c79be07fb9f
├── [1.4K]  go.mod
├── [ 33K]  go.sum
├── [4.0K]  lib
│   └── [4.0K]  c_2022_40684
│       └── [1.5K]  c_2022_40684.go
├── [ 947]  main.go
└── [ 737]  README.md

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →