Module library
Ethical Hacking Automation
Automate Recon and scanning process with Vidoc. All security teams in one place
Symantec Messaging Gateway <=10.6.1 - Local File Inclusion
By kannthu
Vidoc ModuleDescription
What is the "Symantec Messaging Gateway <=10.6.1 - Local File Inclusion?"
The "Symantec Messaging Gateway <=10.6.1 - Local File Inclusion" module is designed to detect a vulnerability in the Symantec Messaging Gateway software version 10.6.1 and earlier. This module focuses on identifying a specific type of security flaw known as Local File Inclusion (LFI). LFI occurs when an application allows a user to include a local file on the server, which can lead to unauthorized access to sensitive information or even remote code execution.
This vulnerability has a high severity level, indicating that it poses a significant risk to the security of the affected system. It is crucial for organizations using Symantec Messaging Gateway to address this vulnerability promptly to prevent potential exploitation.
Impact
If successfully exploited, the Local File Inclusion vulnerability in Symantec Messaging Gateway <=10.6.1 can allow an attacker to access sensitive files on the server. This could include configuration files, user credentials, or other confidential information. In some cases, it may even enable the execution of arbitrary code, giving the attacker full control over the compromised system.
How the module works?
The module works by sending a specific HTTP request to the target Symantec Messaging Gateway server. It attempts to access a file located in the server's WEB-INF directory by manipulating the request path. The module then applies matching conditions to determine if the server responds with the expected content and status code.
For example, the module may send a GET request to the following path: /brightmail/servlet/com.ve.kavachart.servlet.ChartStream?sn=../../WEB-INF/
The module's matching conditions check if the response contains the file name "struts-default.xml" and if the status code is 200 (indicating a successful response). If both conditions are met, the module identifies the presence of the Local File Inclusion vulnerability in the Symantec Messaging Gateway.
By detecting this vulnerability, organizations can take appropriate measures to mitigate the risk and secure their Symantec Messaging Gateway installations.