lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADSYzssqQqUMmsWqinGYB_dk0Nws8B17HWjh5-giOu6bowCfLw@mail.gmail.com> Date: Wed, 28 Dec 2016 04:20:00 -0200 From: Dawid Golunski <dawid@...alhackers.com> To: bugtraq@...urityfocus.com Subject: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Discovered by Dawid Golunski (@dawid_golunski) https://legalhackers.com Desc: I discovered that the current PHPMailer versions (< 5.2.20) were still vulnerable to RCE as it is possible to bypass the currently available patch. This was reported responsibly to the vendor & assigned a CVEID on the 26th of December. The vendor has been working on a new patch which would fix the problem but not break the RFC too badly. The patch should be published very soon. I'm releasing this as a 0day without the new patch available publicly as a potential bypass was publicly discussed on oss-sec list with Solar Designer in the PHPMailer < 5.2.18 thread, so holding the advisory further would serve no purpose. Current advisory URL: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html PoC exploit URL: https://legalhackers.com/exploits/CVE-2016-10045/PHPMailer_RCE_exploit.pl More updates soon at: https://twitter.com/dawid_golunski Stay tuned ;) -- Regards, Dawid Golunski https://legalhackers.com t: @dawid_golunski
Powered by blists - more mailing lists