Full title: Symantec Web Gateway 5 restore.php Command Injection Exploit 
Category: remote exploits
Platform: php
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator.

# 0day.today @ http://0day.today/