PHPMailer/SwiftMailer/ZendFramework Video PoC Exploit
PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)
PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045)
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with the use of: PHPMailer, Zend Framework (zend-mail) and SwiftMailer.
The video focuses on PHPMailer however the attack flow is common for each of the affected frameworks/libraries.
Exploit shown in the video can be downloaded from:
PHPMailer/SwiftMailer/Zend-mail exploit
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045)
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with the use of: PHPMailer, Zend Framework (zend-mail) and SwiftMailer.
The video focuses on PHPMailer however the attack flow is common for each of the affected frameworks/libraries.
Exploit shown in the video can be downloaded from:
PHPMailer/SwiftMailer/Zend-mail exploit
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with the use of: PHPMailer, Zend Framework (zend-mail) and SwiftMailer.
The video focuses on PHPMailer however the attack flow is common for each of the affected frameworks/libraries.
Exploit shown in the video can be downloaded from:
PHPMailer/SwiftMailer/Zend-mail exploit
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with the use of: PHPMailer, Zend Framework (zend-mail) and SwiftMailer.
The video focuses on PHPMailer however the attack flow is common for each of the affected frameworks/libraries.
Exploit shown in the video can be downloaded from:
PHPMailer/SwiftMailer/Zend-mail exploit
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://legalhackers.com
Description:
The video below demonstrates how an attacker could potentially compromise a website (achieve remote code execution) by exploiting one of the vulnerabilities linked above in a web application (Contact Form) implemented with the use of: PHPMailer, Zend Framework (zend-mail) and SwiftMailer.
The video focuses on PHPMailer however the attack flow is common for each of the affected frameworks/libraries.
Exploit shown in the video can be downloaded from: PHPMailer/SwiftMailer/Zend-mail exploit
To receive updates on this as well as new vulnerabilities: Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~