module
Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution
Disclosed | Created |
---|---|
2014-02-24 | 2018-05-30 |
Disclosed
2014-02-24
Created
2018-05-30
Description
This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
can reach SQL injection affected components. As xp_cmdshell is enabled in the included
database instance, it's possible to execute arbitrary system commands on the target
with SYSTEM privileges.
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
can reach SQL injection affected components. As xp_cmdshell is enabled in the included
database instance, it's possible to execute arbitrary system commands on the target
with SYSTEM privileges.
Authors
Stefan Viehbock
Chris Graham
xistence xistence@0x90.nl
Chris Graham
xistence xistence@0x90.nl
Platform
Windows
Architectures
x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.