CVE-2014-3206 PoC — Seagate BlackArmor NAS 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-3206.yaml

Associated Vulnerability

Title:Seagate BlackArmor NAS 安全漏洞 (CVE-2014-3206)
Description:Seagate BlackArmor NAS是美国希捷（Seagate）公司的一款网络存储服务器，它可对业务关键数据提供分层保护、数据增量和系统备份、恢复等。 Seagate BlackArmor NAS中存在安全漏洞。远程攻击者可通过向localhost/backupmgt/localJob.php文件发送‘session’参数或向localhost/backupmgmt/pre_connect_check.php文件发送‘auth_name’参数利用该漏洞执行任意代码。

Description

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.

File Snapshot


 id: CVE-2014-3206

info:
  name: Seagate BlackArmor NAS - Command Injection
  author: gy741
  severi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!