CVE-2016-10033 PoC — PHPMailer 安全漏洞

Source

https://github.com/0x00-0x00/CVE-2016-10033

Associated Vulnerability

Title:PHPMailer 安全漏洞 (CVE-2016-10033)
Description:PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 5.2.18之前的版本中的isMail transport的‘mailSend’函数存在安全漏洞，该漏洞源于程序没有设置Sender属性。远程攻击者可利用该漏洞向邮件命令中传递额外的参数，并执行任意代码。

Description

PHPMailer < 5.2.18 Remote Code Execution Exploit

Readme

# CVE-2016-10033
This vulnerability affects PHPMailer < 5.2.18 and is able to get Remote Code Execution.

# Resources
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033

# Usage
As it is written in Golang, you can build the exploit yourself, as long there is golang installed into your system with:
```bash
cd CVE-2016-10033
go build
```

Then you can use the exploit program with the following syntax:
![Screenshot](img/screenshot.JPG?raw=true)

# Author 
I am not the author of the CVE, but I am the author of this exploit program.
If you use it, or modify it, you're not allowed to strip the credits from it.

File Snapshot


 [4.0K]  /data/pocs/7ad506f4a39682b6c9bd74f4d5520c925261d833
├── [4.0K]  img
│   └── [ 38K]  screenshot.JPG
├── [3.6K]  main.go
├── [5.7M]  PHPMailer-CVE-2016-10033
└── [ 625]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!