So I was browsing the net and happened across Muts’ latest PoC – an LFI bug in Symantec Web Gateway, which he claims gives remote root. You can see it here: Exploit DB
I read the exploit code and noticed, while beautifully elegant, it is a little bit of a pain in the ass to use, as you must edit it every single time.
I also was in the mood to knock up a quick bit of python, so here is what I made: Pastebin – Exploit Code
It is not the best, but was just my attempt to make the exploit code Muts provided a little better in the usability stakes
I have no Symantec WebGateway to test it in, but it should do the trick
Anyway, thats it. All credit to Muts for finding the bug and writing the original exploit code, all I am doing is improving it. Will likely do this a lot for fun and to keep my programming skills sharpened