Openfiler 2.99.1 Arbitrary Code Execution Vulnerability

2014-05-09T00:00:00
ID 1337DAY-ID-22223
Type zdt
Reporter Dolev Farhi
Modified 2014-05-09T00:00:00

Description

Openfiler version 2.99.1 suffers from a remote arbitrary code execution vulnerability.

                                        
                                            # Exploit Title: Arbitrary Code Execution in Openfiler
 
# Exploit author: Dolev Farhi @f1nhack
 
# Date 07/05/2014
 
# Vendor homepage: http://www.openfiler.com
 
# Affected Software version: 2.99.1
 
# Alerted vendor: 7.5.14
 
 
Software Description
=====================
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework.
 
 
 
Vulnerability Description
=========================
Arbitrary code execution
 
 
Steps to reproduce / PoC:
=========================
1.1. Login to Openfiler dashboard.
 
1.2. Under system tab -> Hostname
 
1.3. Enter any shell command you desire using the backticks ` `
 
    e.g. `cat /etc/passwd`
     
1.4. the code reflects in the hostname value space
 
 
 
  <-> PoC Video: https://www.youtube.com/watch?v=NzjB9U_0yLE&feature=youtu.be

#  0day.today [2018-02-19]  #