
watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass

watchTowr-vs-Fortiweb-AuthBypass

Detection Artifact Generator for FortiWeb Authentication Bypass

See our blog post for technical details.

Detection in Action

python watchTowr-vs-Fortiweb-AuthBypass.py 192.168.1.99
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-Fortiweb-AuthBypass.py

        (*) FortiWeb Authentication Bypass Artifact Generator

          - Sina Kheirkhah (@SinSinology) and Jake Knott (@inkmoro) of watchTowr (@watchTowrcyber)

        CVEs: [CVE-2025-xxxxx]

[+] Exploit sent successfully.
[*] Check for the new user [ 35f36895 ] with password [ 35f36895 ]


Description

This script attempts to detect whether FortiWeb is vulnerable to the authentication bypass.

Affected Versions

FortiWeb versions below 8.0.2 are affected. For more specific versions, please contact FortiGuard Labs PSIRT.
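
For defenders reviewing an appliance, the sketch below is an added example (not part of this repository's script) that combines the two facts on this page: the 8.0.2 version threshold and the shape of the account name the generator reports. It assumes generated names always look like the single sample shown above (8 lowercase hex characters); `triage`, `parse_version` and the sample inventory are hypothetical names and constructed data.

```python
import re

# Assumption: generator-created accounts look like the one sample shown on
# this page (8 lowercase hex characters, e.g. "35f36895").
ARTIFACT_NAME = re.compile(r"[0-9a-f]{8}")
FIXED_VERSION = (8, 0, 2)  # page: "versions below 8.0.2 are affected"


def parse_version(text):
    """Return (major, minor, patch) from a string such as '8.0.1', else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(version_text, admin_names, approved=()):
    """Summarise exposure for one appliance.

    version_text: firmware version string as reported by the appliance
    admin_names:  administrator account names exported from the appliance
    approved:     names the operator knows to be legitimate
    """
    version = parse_version(version_text)
    suspects = [
        n for n in admin_names
        if n not in approved and ARTIFACT_NAME.fullmatch(n.strip())
    ]
    return {
        "version": version,
        # None means the version could not be parsed and needs manual review
        "below_fixed": None if version is None else version < FIXED_VERSION,
        "suspect_accounts": suspects,
    }


if __name__ == "__main__":
    # Constructed sample inventory; 35f36895 is the name shown in the run above.
    sample_admins = ["admin", "netops", "35f36895", "deadbeef"]
    report = triage("8.0.1", sample_admins, approved={"deadbeef"})
    print(report)
```

A match on the name pattern is only a lead for review, since a legitimate account can also be 8 hex characters; the `approved` set is there to suppress known-good names.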

Follow watchTowr Labs

For the latest security research, follow the watchTowr Labs Team.
