oss-sec mailing list archives
Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
From: Dawid Golunski <dawid () legalhackers com>
Date: Thu, 29 Dec 2016 01:04:52 -0200
On Wed, Dec 28, 2016 at 2:58 PM, Solar Designer <solar () openwall com> wrote:
On Wed, Dec 28, 2016 at 03:03:39AM -0200, Dawid Golunski wrote:This was reported responsibly to the vendor & assigned a CVEID on the 26th of December. The vendor has been working on a new patch which would fix the problem but not break the RFC too badly. The patch should be published very soon. I'm releasing this as a 0day without the new patch available publicly as a potential bypass was publicly discussed on oss-sec with Solar Designer in the PHPMailer < 5.2.18 thread, so holding the advisory further would serve no purpose.Yeah. I did think for a moment before posting in here yesterday, but for a number of reasons chose to go ahead with the public discussion. Alexander
Hi Alexander, No worries, good that the patch came in quick so it wasn't too bad I guess. Got a bunch of critical comments but most of them are pretty funny anyway ;) E.g. https://twitter.com/dawid_golunski/status/814253540503908356 ;D Good work on sensing trouble in that bit of code too though. -- Regards, Dawid Golunski https://legalhackers.com t: @dawid_golunski
Current thread:
- PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 27)
- Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Solar Designer (Dec 28)
- Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 29)
- Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Solar Designer (Dec 28)