# CVE-2024-21762
# Exploit details:
Cybersecurity researcher BishopFox recently released a detailed study of one of the new trending FortiOS vulnerabilities, CVE-2024-21762.

CVE-2024-21762 is a forbidden entry in the SSL VPN component of FortiOS. Bishop Fox analyzed the patch and found numerous changes in the handling of HTTP requests that use chunked transfer encoding. In addition to developing a proof of vulnerability, we defined a method to securely test for changes in behavior that indicate the system is using the patched firmware.

It took me a week to make an exploit based on the data provided in the report. And I did it! I did it by sending an out-of-bound value in the Transfer-Encoding: chunked header. Further exploitation led to an HTTP Smuggling vulnerability also known as TE.CL.

Vulnerable versions: All versions of FortiOS 6.0 - 7.4.2

# This is new PoC, for Full version please Download from:

# The only one working RCE exploit that sells for $5,000 on the darknet

# Contact:
tox: CB1D6DE37A1B5C5816137A30CCD82249B0D18D78F6AF730854434D5463B66B2C9CA6CDF7FADD