LaCie Network Space CSRF

Hey again!

I thought you needed a Christmas present.
So, I kind of found a couple of CSRF vulnerabilities in the LaCie Network Space NAS v1.1.6, and I thought:

Hey, it's been a long time since I wrote here. So why not disclose something fun...

...so well folks, it appears that the NAS does not separate HTTP GET and POST variables from each other.
One thing led to another, and I started coding a JavaScript which toggled the blue LED on and off.
I kept working a bit on the script, and here it is: it scans the hardcoded network of 192.168.0.X (subnet 255.255.0.0) for NASes and
tries to log on with the default credentials:

Username: admin
Password: admin

Once logged in, it utilizes 2 CSRF vulnerabilities, one to turn off the annoying blue LED, and one to rename the NAS to H_ACKACK_NET.
The fun part of this is, the web interface appears to run as root down beneath (uid=0) and it's got this cute format feature...

*cough* rm -rf through CSRF *cough*

That's it.
It's short, but fun.
Maybe I inspired someone.

Merry Christmas & Ciao Bella!
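
The weak pattern the post describes (GET and POST variables treated as one set) next to a hardened handler, as an added example that is not code from the post or from LaCie's firmware. The action names, field names, origin and request shape are hypothetical, and the sample requests are constructed.

```javascript
// Added example. Action names, field names and the request shape are hypothetical.
const STATE_CHANGING = new Set(['set_led', 'rename', 'format']);

// Weak pattern described in the post: query-string and body variables are
// merged, so a cross-site GET is treated like a submitted form.
function weakHandle(req) {
  const params = { ...req.query, ...req.body };
  return STATE_CHANGING.has(params.action) ? 'executed' : 'ignored';
}

// Length-checked comparison that does not exit early on the first mismatch.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Hardened handler: POST only, same-origin only, body parameters only,
// and a per-session anti-CSRF token that a foreign page cannot read.
function hardenedHandle(req, session, allowedOrigin) {
  if (req.method !== 'POST') return 'rejected: method';
  if ((req.headers || {}).origin !== allowedOrigin) return 'rejected: origin';
  const body = req.body || {}; // req.query is never consulted
  if (!session || !safeEqual(body.csrf_token, session.csrfToken)) return 'rejected: token';
  return STATE_CHANGING.has(body.action) ? 'executed' : 'ignored';
}

// Constructed sample data (not captured from a real device).
const ORIGIN = 'http://nas.example';
const session = { csrfToken: 'constructed-token-0001' };
const crossSiteGet = { method: 'GET', headers: {}, query: { action: 'set_led' }, body: {} };
const crossSitePost = { method: 'POST', headers: { origin: 'http://other.example' },
  query: {}, body: { action: 'rename' } };
const sameSitePost = { method: 'POST', headers: { origin: ORIGIN },
  query: {}, body: { action: 'rename', csrf_token: 'constructed-token-0001' } };
const smuggledQuery = { method: 'POST', headers: { origin: ORIGIN },
  query: { action: 'format' }, body: { csrf_token: 'constructed-token-0001' } };

function runDemo() {
  return {
    weakGet: weakHandle(crossSiteGet),
    hardGet: hardenedHandle(crossSiteGet, session, ORIGIN),
    hardForeignPost: hardenedHandle(crossSitePost, session, ORIGIN),
    hardSamePost: hardenedHandle(sameSitePost, session, ORIGIN),
    hardSmuggled: hardenedHandle(smuggledQuery, session, ORIGIN),
  };
}
console.log(runDemo());
```

Changing the default admin/admin credentials is a separate fix; the token check only helps once the session itself cannot be established by a foreign page.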

Hey, I'm Fredrik. I'm from Sweden, born 1990, and I've got a huge interest in information technology and information security. So far, I've been studying for three years at the International IT College of Sweden and one year at the Royal Institute of Technology (Kista, Sweden). I'm one of the Co-Founders of Detectify. I'm working closely together with the Swedish firm Young & Skilled. ...Not to forget, I'm the previous founder of Arctic Security. If you wish to contact me, please email me at h@ackack.net or follow me on Twitter @Almroot.

1 Comment

  1. yaya says:

    Nice post, this blog is great, keep up the good work.
