This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the “spiderman” user to “root”. This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the “spiderman” user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0…. This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the “spiderman” user to “root”. This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the “spiderman” user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

Read more http://packetstormsecurity.com/files/123262/sophos_wpa_clear_keys.rb.txt