czwartek, 26 marca 2020

Postauth RCE in Symantec Web Gateway

Last time I decided to check Symantec Web Gateway (version I tried was Below you will find few notes from the journey. Here we go...
Today we'll start here:

In this document I described the way to exploit the bug I found (for postauth users) in Symantec Web Gateway (v. Quick intro for created 10 pages PDF:

Reader will be able to reproduce the attack 'step-by-step' to achieve similar results as presented on the screen below:

Yes, webshell. But don't worry. I also described quick way to get root. ;)

I hope you'll find IT useful.

See you next time!

Special thanks to my new Patrons:
- Daniel
- julianvolodia

Thank you! You are AWSOME! ;)


2 komentarze:

  1. Hi, Nice find
    How i can finding Symantec Web Gateways in or google?!

  2. There is a simple old known way: write an email to hacktheplanet @ fbi .gov with the same question.
    They will answer during next 24h. ;)

    Thanks for watching.