infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change description

unstable
sinn3r 2012-06-10 01:52:26 -05:00
parent f0082ba38f
commit 8f6457661d
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/linux/http/symantec_web_gateway_file_upload.rb
View File

@ -17,9 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Name' => "Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability", 'Name' => "Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability",
'Description' => %q{ 'Description' => %q{
This module exploits a file upload vulnerability found in Symantec Web Gateway's This module exploits a file upload vulnerability found in Symantec Web Gateway's
HTTP service due to the incorrect manage of file extensions in the upload_file() HTTP service. Due to the incorrect use of file extensions in the upload_file()
function. This module abuses the spywall/blocked_file.php file to upload an arbitrary function, this allows us to abuse the spywall/blocked_file.php file in order to
php file without any authentication, which results in arbitrary code execution. upload a malicious PHP file without any authentication, which results in arbitrary
code execution.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
@ -122,5 +123,4 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
end end