Closed jheysel-r7 closed 2 months ago
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
This work has been completed: https://github.com/rapid7/metasploit-framework/pull/19344
Steps to reproduce
I haven't reproduced it because I haven't been able to find a vulnerable installer yet. However the blog post this exploit module was based on has release a part 2 detailing how the 7.2.x version range is immune to the exploit tactics implied by the original exploit.
Expected behaviour
The
forticlient_ems_fctid_sqli
module should return a Meterpreter session when run against a target in the 7.2.x range.Current behaviour
The
forticlient_ems_fctid_sqli
module does not return a Meterpreter session