Exploit for Fortinet FortiOS - Open Redirect/Cross-Site Scripting (CVE-2016-3978)

Description:

FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the “redirect” parameter to “login.”

Nuclei Template

View the template here: CVE-2016-3978.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-3978.yaml

References:

http://www.securitytracker.com/id/1035332
http://seclists.org/fulldisclosure/2016/Mar/68
http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2016-3978