Adding module Symantec Messaging Gateway RCE #8540
This module exploits the command injection vulnerability of the Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the root user.
List the steps needed to make sure this thing works
All the technical details about this vulnerability can be found at the following URL.
THINGS TO TODO
Awesome, @mmetince, nice find! Any chance you might know where to download an archived 10.6.2 version for verification? (The Symantec website seems to only provide the latest 10.6.3. https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken?inid=us_symc_messaging-gateway_pdp_to_leadgen_trialware_PID-20_messaging-gateway# shows the product version but a disabled archived versions tab.)
Jun 23, 2017
The exploits/linux/http/symantec_messaging_gateway_exec module has been added to the framework. This module exploits the command injection vulnerability of the Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server root user.