[ authorization ] [ registration ] [ Ripristina ]
Contattaci
Ci puoi contattare tramite:
0day.today Exploits Market and 0day Exploits Database

WordPress PHPMailer Host Header Command Injection Exploit

[ 0Day-ID-27782 ]
Titolo
WordPress PHPMailer Host Header Command Injection Exploit [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price:
Data inserimento
Categoria
Piattaforma
Verificato
Prezzo
FREE
Rischio
[
Security Risk Critical
]
Rel. releases
Descrizione
This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.
CVE
CVE-2016-10033
Other Information
Abuses
0
Commenti
0
Visualizzazioni
10 900
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
FREE
Open Exploit
You can open this source code for free
Open Exploit
Open Exploit
You can open this source code for free
Verified by
Verified by
This material is checked by Administration and absolutely workable.
Autore
BL
29
Exploits
1616
Lettori
57
[ Commenti: 0 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Entra o registrati per lasciare un commento