[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
- From: Dawid Golunski <dawid@xxxxxxxxxxxxxxxx>
- Date: Wed, 28 Dec 2016 04:20:00 -0200
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Desc:
I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible to bypass the currently available
patch.
This was reported responsibly to the vendor & assigned a CVEID on the
26th of December.
The vendor has been working on a new patch which would fix the problem but
not break the RFC too badly. The patch should be published very soon.
I'm releasing this as a 0day without the new patch available publicly
as a potential bypass was publicly discussed on oss-sec list with Solar
Designer in the PHPMailer < 5.2.18 thread, so holding the advisory
further would serve no purpose.
Current advisory URL:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
PoC exploit URL:
https://legalhackers.com/exploits/CVE-2016-10045/PHPMailer_RCE_exploit.pl
More updates soon at:
https://twitter.com/dawid_golunski
Stay tuned ;)
--
Regards,
Dawid Golunski
https://legalhackers.com
t: @dawid_golunski