1. What is PHPMailer?
PHPMailer continues to be the world’s most popular transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily.
Millions of PHP websites and popular open source web applications, including **WordPress**, Drupal, 1CRM, SugarCRM, Yii, and Joomla, come with the PHPMailer library for sending emails to their users using a variety of methods, including SMTP.
2. Vulnerable version
PHPMailer < 5.2.18: remote code execution
For more information, visit:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
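To find out which copies on a server fall under that version range, here is a small scanner, added as an example and not taken from the original post or the exploit repository. It assumes the library sits in a file named class.phpmailer.php (PHPMailer 5.x) or class-phpmailer.php (the copy bundled with WordPress) and reads the `$Version` property from it; the function names and the demo files are made up for this example.

```shell
#!/bin/sh
# Added example: flag PHPMailer 5.x copies older than the fixed release.
FIXED="5.2.18"   # threshold from the post: "phpmailer < 5.2.18"

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# phpmailer_version FILE: print the value of `public $Version = '...';`.
phpmailer_version() {
    sed -n "s/.*public[[:space:]]*\$Version[[:space:]]*=[[:space:]]*['\"]\([0-9][0-9.]*\)['\"].*/\1/p" "$1" | head -n 1
}

# scan_phpmailer DIR: one "STATUS VERSION PATH" line per class file found.
# class-phpmailer.php is the name WordPress used for its bundled copy.
scan_phpmailer() {
    find "$1" -type f \( -name 'class.phpmailer.php' -o -name 'class-phpmailer.php' \) 2>/dev/null |
    while IFS= read -r f; do
        v=$(phpmailer_version "$f")
        if [ -z "$v" ]; then
            echo "UNKNOWN - $f"          # version string not found: check by hand
        elif version_lt "$v" "$FIXED"; then
            echo "VULNERABLE $v $f"
        else
            echo "OK $v $f"
        fi
    done
}

# demo: scan a constructed tree (file contents are made up for this example).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/app/lib" "$tmp/blog/wp-includes"
    printf "<?php\nclass PHPMailer {\n  public \$Version = '5.2.17';\n}\n" > "$tmp/app/lib/class.phpmailer.php"
    printf "<?php\nclass PHPMailer {\n  public \$Version = '5.2.21';\n}\n" > "$tmp/blog/wp-includes/class-phpmailer.php"
    scan_phpmailer "$tmp" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

# Usage: sh check_phpmailer.sh /var/www   (no argument runs the demo)
if [ -n "${1:-}" ]; then scan_phpmailer "$1"; else demo; fi
```

Applications often ship their own copy of the library, so scan the whole web root rather than a single vendor directory.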
3. How to exploit it?
- Download the exploit from the link below:
exploit-CVE-2016-10033
- Set up the vulnerable environment
To set up the vulnerable environment, you need to install Docker and run the following commands from the directory that contains the Dockerfile:
docker build -t phpmailer .
docker run -it -p 8080:80 phpmailer
Access the vulnerable site in your browser on port 8080.
* Exploit
To exploit a target, just run:
./exploit.sh host:port
Caution: the exploit code in exploit.sh is written for the form above. If you want to exploit another site, you need to modify the parameters in it (not recommended).
In this case:
sudo ./exploit.sh localhost:8080
* Result
In your browser:
Summary
This post is for educational purposes only. If you are using open source software that uses PHPMailer, update to the newest version immediately to keep your site safe!
Today is the last day of 2016. I just want every post we did to be helpful for you, and next year we will try to write posts that are higher quality and more helpful for everyone. OK! See you next year, 2017!