Vulnerability & Exploit Database

Back to search

Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability

This module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/linux/http/symantec_web_gateway_lfi

Authors

  • Unknown
  • muts
  • sinn3r <sinn3r [at] metasploit.com>

References

Targets

  • Symantec Web Gateway 5.0.2.8

Platforms

  • php

Architectures

  • php

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/symantec_web_gateway_lfi msf exploit(symantec_web_gateway_lfi) > show targets ...targets... msf exploit(symantec_web_gateway_lfi) > set TARGET <target-id> msf exploit(symantec_web_gateway_lfi) > show options ...show and set options... msf exploit(symantec_web_gateway_lfi) > exploit

Related Modules