### [CVE-2018-13379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379)
![](https://img.shields.io/static/v1?label=Product&message=Fortinet%20FortiOS%2C%20FortiProxy&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20disclosure&color=brighgreen)

### Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

### POC

#### Reference
- https://fortiguard.com/advisory/FG-IR-18-384

#### Github
- https://github.com/0ps/pocassistdb
- https://github.com/0xHunter/FortiOS-Credentials-Disclosure
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/sectool
- https://github.com/7Elements/Fortigate
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Advisory-Newsletter/Conti-Ransomware
- https://github.com/Advisory-Newsletter/Cring-Ransomware
- https://github.com/Advisory-Newsletter/REvil-
- https://github.com/B1anda0/CVE-2018-13379
- https://github.com/Blazz3/cve2018-13379-nmap-script
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/TOP
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/Legadro/Legadro-Forti-Scanner
- https://github.com/MelanyRoob/Goby
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SexyBeast233/SecBooks
- https://github.com/TebbaaX/Vault6
- https://github.com/W01fh4cker/Serein
- https://github.com/Whitehorse-rainbow/-Infiltration-summary
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/RedTeamer
- https://github.com/Zeop-CyberSec/fortios_vpnssl_traversal_leak
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/amcai/myscan
- https://github.com/anasbousselham/fortiscan
- https://github.com/cetriext/fireeye_cves
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/demforce/FortiFuck-Checker
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/gobysec/Goby
- https://github.com/hktalent/TOP
- https://github.com/iGotRootSRC/Dorkers
- https://github.com/izj007/wechat
- https://github.com/jam620/forti-vpn
- https://github.com/jbmihoub/all-poc
- https://github.com/jpiechowka/at-doom-fortigate
- https://github.com/jweny/pocassistdb
- https://github.com/k4nfr3/CVE-2018-13379-Fortinet
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/milo2012/CVE-2018-13379
- https://github.com/murchie85/twitterCyberMonitor
- https://github.com/nescam123/forti
- https://github.com/nivdolgin/CVE-2018-13379
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/password520/RedTeamer
- https://github.com/pwn3z/CVE-2018-13379-FortinetVPN
- https://github.com/r0eXpeR/supplier
- https://github.com/retr0-13/Goby
- https://github.com/sobinge/nuclei-templates
- https://github.com/soosmile/POC
- https://github.com/triw0lf/Security-Matters-22
- https://github.com/warriordog/little-log-scan
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whitfieldsdad/epss
- https://github.com/whoami13apt/files2
- https://github.com/yukar1z0e/CVE-2018-13379