Proof of concept exploit to blindly execute commands as root on vulnerable FortiSIEM appliances. I just quickly added the option to supply a list and added some coloring. The orginal (and all the cred) goes to horizon3 (see blog post below)
An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.
What do you think?
It is nice to know your opinion. Leave a comment.