FortiOS (Fortinet) – Open Redirect and Cross Site Scripting

March 20, 2016 007admin Leave a comment

Posted by Javier Nieto on Mar 20

Description
===================================================================
The FortiOS webui accepts a user-controlled input that specifies a link to
an external site, and uses that link in a redirect.

The redirect input parameter is also prone to a cross site scripting.

Public Fortinet Security Advisory (Mar 16 2016):
http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability

PoC…

007 Software

FortiOS (Fortinet) – Open Redirect and Cross Site Scripting

Leave a Reply Cancel reply

Software and Security Information