Last time I decided to check Symantec Web Gateway (version I tried was 5.0.2.8). Below you will find few notes from the journey. Here we go...
Today we'll start here:
In this document I described the way to exploit the bug I found (for postauth users) in Symantec Web Gateway (v.5.0.2.8). Quick intro for created 10 pages PDF:
Reader will be able to reproduce the attack 'step-by-step' to achieve similar results as presented on the screen below:
Yes, webshell. But don't worry. I also described quick way to get root. ;)
I hope you'll find IT useful.
See you next time!
Special thanks to my new Patrons:
- Daniel
- julianvolodia
Thank you! You are AWSOME! ;)
Cheers
Hi, Nice find
OdpowiedzUsuńHow i can finding Symantec Web Gateways in shodan.io or google?!
There is a simple old known way: write an email to hacktheplanet @ fbi .gov with the same question.
OdpowiedzUsuńThey will answer during next 24h. ;)
Thanks for watching.