Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
40 lines (26 sloc) 1.88 KB
##############################################################################
# PoC Install Guide #
##############################################################################
Installation:
A. PHPMailer PoC:
1. Any Linux system with PHP,apache and exim4 installed
2. Move the folder to /vr/www/ and render poc.php
3. PCRE8, normally will be installed by default in modern OS.
B. Vulnerable Wordpress 4.6:
1. We need a older version of ubuntu, because we need a older version of apache that acepts malformed HTTP Headers. In ubuntu 10.4 with default repository apache works fine.
2. Other than being ubuntu 10.4 install a normal LAMP package set to make wordpress work. Use old release of wordpress 4.6
3. The apache version used is: 2.2.14
4. Also we need to have installed PCRE 8.0, if we have older one,PHPmailer will use old-PCRE for validating the email and will not work anymore (will forbid spaces).
Objetive of this PoC:
1. From C code to a CMS discover how bad an Argument Injection can be.
2. Learn how to follow up through libraries the bug and escalate to a Content Management System as Wordpress.
3. Learn the impact of using wildly third parties libraries
4. Proof of Concept with working payloads (not exploitation code provided)
Tips:
1.commanddebugger is a bash script that in replacement with the binary that is being called will give to us the data that the webapp is passing to it. This can be useful for future researchs.
2. PHPMailer is modified by myself to be vulnerable, since they are patching the reseales already
3. The same with wordpress 4.6 You can extract the zip to /var/www/html/ and render wordpress.
Remember:
This is PoC, it holds vulnerable code. Use it in a controlled environment and don't follow any codings here!
Sources:
https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
You can’t perform that action at this time.