CVE-2020-11546 PoC: SuperWebMailer Injection Vulnerability

Source
Associated Vulnerability
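Title: SuperWebMailer Injection Vulnerability (CVE-2020-11546)
Description: SuperWebMailer is a web-based PHP newsletter application used for managing newsletter recipients and for sending HTML newsletters and birthday emails. The 'Language' parameter of the mailingupgrade.php file in SuperWebMailer version 7.21.0.01526 has an injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code.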
Description
Go-based exp and PoC
Readme
## Preface

A Go version of an exploitation tool for [CVE-2020-11546](https://nvd.nist.gov/vuln/detail/CVE-2020-11546), written mostly as practice with Go.

## Usage

```shell
go get -u -v github.com/damit5/CVE-2020-11546@master
CVE-2020-11546 <target>
```

![image-20211229152446871](README.assets/image-20211229152446871.png)

## Building it yourself

```shell
git clone https://github.com/damit5/CVE-2020-11546
bash build.sh
```

![image-20211229150608970](README.assets/image-20211229150608970.png)
File Snapshot

```
[4.0K]  /data/pocs/d81f1ad016a7825404facae5a6e55f6fc0b3fb79
├── [ 332]  build.sh
├── [  49]  go.mod
├── [4.0K]  README.assets
│   ├── [ 25K]  image-20211229150608970.png
│   └── [2.3M]  image-20211229152446871.png
├── [ 467]  README.md
├── [4.0K]  release
│   ├── [4.6M]  superwebmailerRCE_darwin
│   ├── [4.4M]  superwebmailerRCE_linux
│   └── [4.4M]  superwebmailerRCE_win.exe
└── [2.7K]  superwebmailer_rce_cve_2020_11546.go

2 directories, 9 files
```