[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2
From: Dawid Golunski <dawid () legalhackers ! com>
Date: 2016-12-28 6:18:24
Message-ID: CADSYzstPjZrJ38nQd2+dvnv3icGC5JrEcZBK=KqoK4rOzODfvg () mail ! gmail ! com
[Download RAW message or body]
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Desc:
I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible to bypass the currently available
patch.
This was reported responsibly to the vendor & assigned a CVEID on the
26th of December.
The vendor has been working on a new patch which would fix the problem but
not break the RFC too badly. The patch should be published very soon.
I'm releasing this as a 0day without the new patch available publicly
as a potential bypass was publicly discussed on oss-sec list with Solar
Designer in the PHPMailer < 5.2.18 thread, so holding the advisory
further would serve no purpose.
Current advisory URL:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
PoC exploit URL:
https://legalhackers.com/exploits/CVE-2016-10045/PHPMailer_RCE_exploit.pl
More updates soon at:
https://twitter.com/dawid_golunski
Stay tuned.
--
Regards,
Dawid Golunski
https://legalhackers.com
t: @dawid_golunski
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic