rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

FortiClient EMS FCTID SQLi exploit module does not work against vulnerable version range 7.2.x [CVE-2023-48788] #19328

Closed jheysel-r7 closed 2 months ago

jheysel-r7 commented 3 months ago

Steps to reproduce

I haven't reproduced it because I haven't been able to find a vulnerable installer yet. However, the blog post this exploit module was based on has released a part 2 detailing how the 7.2.x version range is immune to the exploit tactics implied by the original exploit.

Our last blog post on the FortiClient EMS SQL injection vulnerability, CVE-2023-48788, as it turns out only worked on 7.0.x versions. This article will discuss the differences in exploitation between FortiClient EMS’s two mainline versions: 7.0.x and 7.2.x.

Expected behaviour

The forticlient_ems_fctid_sqli module should return a Meterpreter session when run against a target in the 7.2.x range.

Current behaviour

The forticlient_ems_fctid_sqli module does not return a Meterpreter session.

github-actions[bot] commented 2 months ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

jheysel-r7 commented 2 months ago

This work has been completed: https://github.com/rapid7/metasploit-framework/pull/19344