This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator.
7810fcb69993934064a2c2e0dc2b58aaf5d7e3002088449a8499f31076eee919Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.
80e097e61c3144721b95a38213e7b0f3f782bac6d90fcd41c8baf29fdbab0249
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed