oss-sec mailing list archives
OpenFiler - Arbitrary Code Execution & Stored XSS
From: Dolev Farhi <dolevf87 () gmail com>
Date: Thu, 15 May 2014 18:56:02 +0300
Hi,

Multiple vulnerabilities were discovered in the latest version of OpenFiler appliance, 2.99.1 as reported here <https://forums.openfiler.com/index.php?/topic/6720-arbitrary-code-execution-stored-xss-vulnerability-in-openfiler-latest-version-2991/>, here <http://www.exploit-db.com/exploits/33247> and here <http://www.exploit-db.com/exploits/33248>

OpenFiler is a FreeNAS appliance equivalent.

- Vulnerability 1
OpenFiler is vulnerable to an arbitrary code execution attack by not validating the hostname input, this vulnerability allows an attacker to execute any system shell command with the root user privileges.

- Proof of concept:
i. Login with any available user
ii. Change the hostname value to `cat /etc/passwd`
iii. Submit
* Refreshing the screen / Reloading the page results with passwd content in the OpenFiler system hostname value.

- Vulnerability 2
Multiple Stored XSS were found in OpenFiler, by creating a volume group or a network access configuration with malicious code e.g. <script>alert("css")</script> any user attempt to create, view or modify volume shares executes the attack.

Proof of concept vids
1. Link 1 <http://research.openflare.org/poc/openfiler/codexec.mp4>
2. Link 2 <http://research.openflare.org/poc/openfiler/xss.mp4>

Can CVEs please be assigned to these issues?

Tx
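Added example, not part of the original post and not OpenFiler code: a sketch of the two server-side controls whose absence the report describes, namely strict validation of the hostname field before it reaches any system command, and HTML encoding of stored names when they are rendered. The function names, the /bin/hostname path and the sample values are assumptions made for illustration.

```python
import html
import re

# RFC 1123 label: 1-63 chars of letters, digits or hyphen,
# with no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_hostname(value):
    """Return value unchanged if it is an RFC 1123 hostname, else raise ValueError."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        raise ValueError("hostname length out of range")
    for label in value.split("."):
        # fullmatch rejects backticks, spaces, ';', '$', newlines and empty labels.
        if not _LABEL.fullmatch(label):
            raise ValueError("invalid hostname label: %r" % label)
    return value


def hostname_argv(value):
    """Build the argument vector for setting the hostname (path is an assumption).

    Passing a list to subprocess.run(argv, shell=False) means no shell parses
    the value, so backticks or $() stay literal even if validation regresses.
    """
    return ["/bin/hostname", validate_hostname(value)]


def render_name(value):
    """HTML-encode a stored name (volume group, network access entry) at output time."""
    return html.escape(value, quote=True)


# Constructed sample inputs: two legitimate names and four that must be refused.
SAMPLES = ["nas01", "nas01.example.internal",
           "`cat /etc/passwd`", "$(id)", "nas01; reboot", "-nas01"]


def classify(samples=SAMPLES):
    """Map each sample to True (accepted) or False (rejected)."""
    result = {}
    for s in samples:
        try:
            validate_hostname(s)
            result[s] = True
        except ValueError:
            result[s] = False
    return result
```

Validation and shell-free invocation are complementary: the first keeps bad data out of the configuration, the second removes the command interpreter from the path entirely.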