CVE-2016-10033: PHPMailer < 5.2.18 Remote Code Execution - All things in moderation

1. What is PHPMailer?

PHPMailer continues to be the world's most popular transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily.
Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, come with the PHPMailer library for sending emails to their users using a variety of methods, including SMTP.

2. Vulnerable version

PHPMailer < 5.2.18: remote code execution
For more information, see:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
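
To find bundled copies that fall in the version range above, the following is an added example (not code from the original post or from the PHPMailer project). It walks a web root, reads the version string each PHPMailer class file declares, and flags anything below 5.2.18. The file names it looks for, the helper names and the sample tree are assumptions made for this illustration, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 2, 18)  # first fixed release, from the "< 5.2.18" range above
# 5.x declares `public $Version = '5.2.17';`, 6.x `const VERSION = '6.0.1';`.
VERSION_RE = re.compile(r"(?:\$Version|const\s+VERSION)\s*=\s*['\"](\d+(?:\.\d+)*)")
CANDIDATES = {"class.phpmailer.php", "class-phpmailer.php", "phpmailer.php"}


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def audit(root):
    """Walk root; return sorted (relative path, version, status) rows."""
    rows = []
    for path in Path(root).rglob("*.php"):
        if path.name.lower() not in CANDIDATES:
            continue
        version = parse_version(path.read_text(encoding="utf-8", errors="replace"))
        if version is None:
            status = "UNKNOWN"  # review by hand; do not assume it is safe
        else:  # numeric compare: as strings '5.2.9' would sort after '5.2.18'
            status = "VULNERABLE" if version < FIXED else "OK"
        shown = ".".join(map(str, version)) if version else "?"
        rows.append((path.relative_to(root).as_posix(), shown, status))
    return sorted(rows)


def build_sample_tree(root):
    """Write a constructed sample web root so the example runs offline."""
    samples = {
        "shop/lib/class.phpmailer.php": "public $Version = '5.2.17';",
        "blog/wp-includes/class-phpmailer.php": "public $Version = '5.2.9';",
        "crm/vendor/phpmailer/src/PHPMailer.php": "const VERSION = '6.0.1';",
        "old/class.phpmailer.php": "// version line stripped",
    }
    for rel, body in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("<?php\nclass PHPMailer {\n    " + body + "\n}\n", encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as web_root:
        build_sample_tree(web_root)
        print(*audit(web_root), sep="\n")
```

To audit a real deployment, call audit() on the actual web root. UNKNOWN rows are copies whose version line could not be read and need a manual look.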

3. How to exploit it?
  • Download the exploit from the link below:
    exploit-CVE-2016-10033
  • Set up the vulnerable environment
    To set up the vulnerable environment, install Docker and run the following commands:
# Run from the directory that contains the Dockerfile (assumed here to be the root of the downloaded exploit folder)
docker build -t phpmailer .
docker run -it -p 8080:80 phpmailer

Access the vulnerable site in your browser on port 8080.


* Exploit
To exploit a target, just run:

./exploit.sh host:port

Caution: the exploit code in exploit.sh is written for the form above. To use it against another site you would need to modify the parameters in it (not recommended).
In this case:

sudo ./exploit.sh localhost:8080


* Result

In your browser:

Summary

This post is for educational purposes only. If you are using an open source application that uses PHPMailer, update to the newest version immediately to keep your site safe!
Today is the last day of 2016. I just want every post we did to be helpful for you, and next year we will try to write posts of higher quality that are more helpful for everyone. OK! See you next year, 2017!!!
