Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-7247 PoC — Openbsd Opensmtpd代码问题漏洞

Source
https://github.com/QTranspose/CVE-2020-7247-exploit
Associated Vulnerability
Title:Openbsd Opensmtpd代码问题漏洞 (CVE-2020-7247)
Description:smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Description
OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution PoC exploit
Readme
## CVE-2020-7247-exploit
OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution PoC exploit<br>
Reference: <https://www.openwall.com/lists/oss-security/2020/01/28/3>

## Usage
```
python3 exploit.py <target_host> <target_port> <reverse_host> <reverse_port> <recipient_email>
```
![example](img/example.svg)

## Dependencies
```
pip3 install --user pwntools
```
File Snapshot

 [4.0K]  /data/pocs/01966a349bb0958d0d26eb9c80c2323f1f42a3ea
├── [1.5K]  exploit.py
├── [4.0K]  img
│   └── [ 85K]  example.svg
└── [ 352]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →