CVE-2016-10033 PoC — PHPMailer Security Vulnerability

Source
Associated Vulnerability
Title: PHPMailer security vulnerability (CVE-2016-10033)
Description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Description
Code and vulnerable WordPress container for exploiting CVE-2016-10033
Readme
# CVE-2016-10033 exploitation PoC

This repository holds the files needed to exploit CVE-2016-10033 on a vulnerable version of WordPress.

With these instructions you will be able to get an interactive reverse shell (not a pseudo-TTY) in the container running WordPress, as the user that runs the Apache server.

This exploit does not require any type of authentication or plugin. It needs only plain WordPress code plus the Exim4 MTA to send emails from WordPress (installed on most servers).

 * [Full advisory CVE-2016-10033](https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html)

## Requirements
  * Linux-based operating system
  * Docker
  * docker-compose

## How-to
  1. Deploy docker-compose
  2. Enter your WordPress site and follow the installation wizard using `admin` as username
  3. Execute the exploit script

## Attributions

 * Dawid Golunski (@dawid_golunski) at [LegalHackers](https://legalhackers.com) for the discovery and first version of the PoC exploit
File Snapshot

[4.0K] /data/pocs/788cc63990c082d707a9342a05915a30883b2ab2
├── [ 208] docker-compose.yml
├── [ 430] Dockerfile
├── [1000] README.md
└── [2.9K] wordpress-rce-exploit.sh

0 directories, 4 files