PHPMailer Sendmail Argument Injection

Posted by deepcore on January 4, 2017 – 11:58 am

PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« AContent CMS 1.3 Cross Site Scripting Kaspersky SSL Interception Differentiation »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

PHPMailer Sendmail Argument Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL