CVE-2012-0297

This Metasploit module exploits a directory traversal vulnerability in Symantec Web Gateway 5.0.2.8 to achieve remote code execution by injecting PHP code into the access log and then loading it via a traversal flaw.

This exploit leverages a Local File Inclusion (LFI) vulnerability in Symantec Web Gateway 5.0.2 to write a malicious script to /tmp/networkScript, which is then executed with sudo privileges via log poisoning. The payload establishes a reverse shell to a specified IP and port.

This Metasploit module exploits a vulnerability in Symantec Web Gateway by injecting PHP code into the access log and then loading it via a directory traversal flaw to achieve remote code execution under the context of 'apache'.

This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway 5.0.2.8 via the `ipchange.php` file, allowing unauthenticated remote command execution.

The exploit demonstrates multiple vulnerabilities in Symantec Web Gateway 5.0.2.8, including local file inclusion (LFI), arbitrary file download/delete, and remote command execution (RCE) via file upload and deprecated admin config manipulation. It provides clear examples of malicious HTTP requests and PHP code to achieve RCE.

This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway 5.0.2.8 via the `spywall/ipchange.php` endpoint, allowing unauthenticated remote code execution by injecting commands into the `subnet` parameter.