GobyVuls/FortiLogger/CVE-2021-3378/README.md

# FortiLogger Unauth Arbitrary File Upload(CVE-2021-3378)

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a \"Content-Type: image/png\" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.

**FOFA query rule**: [app="Fortilogger-|-Log-and-Report-System"](https://fofa.so/result?qbase64=YXBwPSJGb3J0aWxvZ2dlci18LUxvZy1hbmQtUmVwb3J0LVN5c3RlbSI%3D)

# Demo

![](CVE_2021_3378.gif)
add CVE-2021-3378 add CVE-2021-3378 2021-07-22 17:56:35 +08:00			`# FortiLogger Unauth Arbitrary File Upload(CVE-2021-3378)`
add CVE-2021-3378 2021-07-22 17:36:58 +08:00
			`FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a \"Content-Type: image/png\" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.`

			`FOFA query rule: [app="Fortilogger-\|-Log-and-Report-System"](https://fofa.so/result?qbase64=YXBwPSJGb3J0aWxvZ2dlci18LUxvZy1hbmQtUmVwb3J0LVN5c3RlbSI%3D)`

			`# Demo`

			`![](CVE_2021_3378.gif)`