[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
===
www.symantec.com
Product:
===
Symantec
Hi Brandon,
we found two injection points. One in the BinaryFileHandler class:
POST /servlet/ConsoleServlet HTTP/1.1
Host: 192.168.40.133:8443
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Cookie: JSESSIONID=D739FA0884EB78B31B1D23AEA899C175
ActionType
Do you have example requests for the SQL injections?
> On Jul 31, 2015, at 7:40 AM, Markus Wulftange wrote:
>
> Code White found several vulnerabilities in Symantec Endpoint Protection
> (SEP), affecting versions 12.1 prior to 12.1 RU6 MP1.
>
> SEP Manager (SEPM):
>
> * CVE-2015-1486: Auth
Code White found several vulnerabilities in Symantec Endpoint Protection
(SEP), affecting versions 12.1 prior to 12.1 RU6 MP1.
SEP Manager (SEPM):
* CVE-2015-1486: Authentication Bypass
* CVE-2015-1487: Arbitrary File Write
* CVE-2015-1488: Arbitrary File Read
* CVE-2015-1489: Privilege Escalatio
Hello,
Here is a PoC of the CVE-2013-1612 bug, targeting SEP Manager version
12.1.0 -> 12.1.2.
It's a simple SEH-based code which sets EIP to 0x.
I've tried to write a stable exploit code but so far, it is still
unreliable. I meant that it works great in my labs, but will not work on
yours