Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.
a0fccf32d3c50c44bbaec6e8b29d6a94e5b750a7a3630cb98f887b64cf02a1a9This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.
b0b67649c40ca029b22826b4a8885851ba50ca7ed212e036f2e5e4e0db93816fZero Day Initiative Advisory 12-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.
27dcc990753c286009309447bb9c72ba6733589421579106d30bc8c69f3a95efThis Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.
65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.
1f988ae10011c9e9527aa54aee6542a4e4f221f26948b02c388b89c3b9e6db66
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed