Date: Wed, 28 Dec 2016 03:03:39 -0200
From: Dawid Golunski <dawid@...alhackers.com>
To: oss-security@...ts.openwall.com
Subject: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045)
(Bypass for the CVE-2016-1033 patch)

Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Desc:
I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible to bypass the currently available patch.

This was reported responsibly to the vendor & assigned a CVEID on the 26th of
December.
The vendor has been working on a new patch which would fix the problem but
not break the RFC too badly. The patch should be published very soon.

I'm releasing this as a 0day without the new patch available publicly
as a potential bypass was publicly discussed on oss-sec with Solar Designer in
the PHPMailer < 5.2.18 thread, so holding the advisory further would serve no
purpose.

Current advisory URL:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

More updates soon at:
https://twitter.com/dawid_golunski

--
Regards,
Dawid Golunski
https://legalhackers.com
t: @dawid_golunski

View attachment "PHPMailer-fix-bypass.txt" of type "text/plain" (6286 bytes)
