OpenFiler 2.99.1 - Arbitrary Code Execution

2014-05-08 17:05:06

# Exploit Title: Arbitrary Code Execution in Openfiler

# Exploit author: Dolev Farhi @f1nhack

# Date 07/05/2014

# Vendor homepage: http://www.openfiler.com

# Affected Software version: 2.99.1

# Alerted vendor: 7.5.14


Software Description
=====================
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework.



Vulnerability Description
=========================
Arbitrary code execution


Steps to reproduce / PoC:
=========================
1.1. Login to Openfiler dashboard.

1.2. Under system tab -> Hostname

1.3. Enter any shell command you desire using the backticks ` `

e.g. `cat /etc/passwd`

1.4. the code reflects in the hostname value space



<-> PoC Video: https://www.youtube.com/watch?v=NzjB9U_0yLE&feature=youtu.be

Fixes

No fixes

In order to submit a new fix you need to be registered.