watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass

# watchTowr-vs-Fortiweb-AuthBypass FortiWeb 认证绕过检测特征生成器 有关技术详情，请参阅我们的[博客文章](https://labs.watchtowr.com/) # 检测演示 ``` python watchTowr-vs-Fortiweb-AuthBypass.py 192.168.1.99 __ ___ ___________ __ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________ \ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \ \ / / __ \| | \ \___| Y | |( <_> \ / | | \/ \/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__| \/ \/ \/ watchTowr-vs-Fortiweb-AuthBypass.py (*) FortiWeb Authentication Bypass Artifact Generator - Sina Kheirkhah (@SinSinology) and Jake Knott (@inkmoro) of watchTowr (@watchTowrcyber) CVEs: [CVE-2025-xxxxx] [+] Exploit sent successfully. [*] Check for the new user [ 35f36895 ] with password [ 35f36895 ] ``` # 描述 此脚本用于尝试检测 FortiWeb 是否存在认证绕过漏洞 # 受影响版本 FortiWeb 8.0.2 以下版本受影响，如需了解更具体的版本信息，请联系 [FortiGuard Labs PSIRT](https://fortiguard.fortinet.com/) # 关注 [watchTowr](https://watchTowr.com) Labs 关注 [watchTowr](https://watchTowr.com) Labs 团队以获取最新的安全研究 - https://labs.watchtowr.com/ - https://x.com/watchtowrcyber

标签：AppImage, CISA项目, CVE-2025, FortiWeb, PoC, Python, Web应用防火墙, 协议分析, 无后门, 暴力破解, 权限提升, 网络安全, 认证绕过, 逆向工具, 隐私保护