CVE-2016-10033 PoC — PHPMailer 安全漏洞

Source

https://github.com/chipironcin/CVE-2016-10033

Associated Vulnerability

Title:PHPMailer 安全漏洞 (CVE-2016-10033)
Description:PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 5.2.18之前的版本中的isMail transport的‘mailSend’函数存在安全漏洞，该漏洞源于程序没有设置Sender属性。远程攻击者可利用该漏洞向邮件命令中传递额外的参数，并执行任意代码。

Description

Code and vulnerable WordPress container for exploiting CVE-2016-10033

Readme

# CVE2016-10033 explotation PoC

This repository holds the necessary files to exploit CVE2016-10033 on a vulnerable version of WordPress.

With these instructions you will be able to get a reverse interactive shell (not Pseudo-TTY) in the container that is running the WordPress as the user that is running the Apache server.

This exploit does not require any type of authentication or plugin. Just plain WordPress code + Exim4 MTA to send emails from WordPress (installed in most servers).

 * [Full advisory CVE2016-10033](https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html)

## Requirements
  * Linux based operative system
  * Docker
  * docker-compose

## How-to
  1. Deploy docker-compose
  2. Enter your WordPress site and follow the installation wizard using `admin` as username
  2. Execute the exploit script

## Attributions

 * Dawid Golunski (@dawid_golunski) at [LegalHackers](https:/legalhackers.com) for the discovery and first version of PoC exploit

File Snapshot


 [4.0K]  /data/pocs/788cc63990c082d707a9342a05915a30883b2ab2
├── [ 208]  docker-compose.yml
├── [ 430]  Dockerfile
├── [1000]  README.md
└── [2.9K]  wordpress-rce-exploit.sh

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!