About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive- 1420

Zach Hanley - Horizon AIPosted 1 Year Ago
  • CVE-2023-34992 was for FortiSIEM command injection vulnerability. The phMonitor takes in a server_ip variable. This was being used to execute a python script via os.system that led to a command injection.
  • The vulnerability was fixed by just validating the IP address being passed in, solving the immediate issue. Within the same request as the original command injection, there is another field called mount_point. This field is saved then used in another script when testing the mount.
  • With this, we have a second order command injection that we first make a request to save the data then another request to execute the exploit from the saved data. I enjoyed this aspect of the exploit, as second order bugs are commonly forgotten about. Overall, good bug report :)

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed