This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator.
7810fcb69993934064a2c2e0dc2b58aaf5d7e3002088449a8499f31076eee919
Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.
80e097e61c3144721b95a38213e7b0f3f782bac6d90fcd41c8baf29fdbab0249