About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Vulns in TerraMaster - 126

Joshua Meyer at ISEPosted 6 Years Ago
  • I love the people at ISE! This is a list of vulns found on this NAS.
  • There are several cases of XSS within the application from not properly sanitized input. Josh found both reflected and stored xss.
  • Several command injection issues within inputs that require system level interactions.
  • The most interesting issue was the session fixation. If the PHPSESSID is set as a cookie prior to going to the site, then this cookie is used for the user.
  • All session tokens are stored within /tmp... Because any user can view folder, this all session tokens can be stolen by other users!
  • The file upload does not restrict the location of the path being uploaded to.
  • Finally, there are some unauthenticated SQLi injections and unauthenticated SQLi injections, additionally with a CSRF bug.
  • This blog post has an immense amount of findings in it, along with several POC's. Really good thing to read!

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed