关联漏洞
标题:PHPMailer 安全漏洞 (CVE-2016-10033)Description:PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 5.2.18之前的版本中的isMail transport的‘mailSend’函数存在安全漏洞,该漏洞源于程序没有设置Sender属性。远程攻击者可利用该漏洞向邮件命令中传递额外的参数,并执行任意代码。
Description
Code and vulnerable WordPress container for exploiting CVE-2016-10033
介绍
# CVE2016-10033 explotation PoC
This repository holds the necessary files to exploit CVE2016-10033 on a vulnerable version of WordPress.
With these instructions you will be able to get a reverse interactive shell (not Pseudo-TTY) in the container that is running the WordPress as the user that is running the Apache server.
This exploit does not require any type of authentication or plugin. Just plain WordPress code + Exim4 MTA to send emails from WordPress (installed in most servers).
* [Full advisory CVE2016-10033](https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html)
## Requirements
* Linux based operative system
* Docker
* docker-compose
## How-to
1. Deploy docker-compose
2. Enter your WordPress site and follow the installation wizard using `admin` as username
2. Execute the exploit script
## Attributions
* Dawid Golunski (@dawid_golunski) at [LegalHackers](https:/legalhackers.com) for the discovery and first version of PoC exploit
文件快照
[4.0K] /data/pocs/788cc63990c082d707a9342a05915a30883b2ab2
├── [ 208] docker-compose.yml
├── [ 430] Dockerfile
├── [1000] README.md
└── [2.9K] wordpress-rce-exploit.sh
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。