Openfiler 2.99.1 Arbitrary Code Execution

2014.05.08

Credit: Dolev Farhi

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Arbitrary Code Execution in Openfiler
# Exploit author: Dolev Farhi @f1nhack
# Date 07/05/2014
# Vendor homepage: http://www.openfiler.com
# Affected Software version: 2.99.1
# Alerted vendor: 7.5.14
Software Description
=====================
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework.
Vulnerability Description
=========================
Arbitrary code execution
Steps to reproduce / PoC:
=========================
1.1. Login to Openfiler dashboard.
1.2. Under system tab -> Hostname
1.3. Enter any shell command you desire using the backticks ` `
e.g. `cat /etc/passwd`
1.4. the code reflects in the hostname value space
<-> PoC Video: https://www.youtube.com/watch?v=NzjB9U_0yLE&feature=youtu.be

References:

https://www.youtube.com/watch?v=NzjB9U_0yLE&feature=youtu.be

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Openfiler 2.99.1 Arbitrary Code Execution

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.