Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2016-10033

Description

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

POC

Reference

- http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

- http://seclists.org/fulldisclosure/2016/Dec/78

- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

- https://www.exploit-db.com/exploits/40968/

- https://www.exploit-db.com/exploits/40969/

- https://www.exploit-db.com/exploits/40970/

- https://www.exploit-db.com/exploits/40974/

- https://www.exploit-db.com/exploits/40986/

- https://www.exploit-db.com/exploits/41962/

- https://www.exploit-db.com/exploits/41996/

- https://www.exploit-db.com/exploits/42024/

- https://www.exploit-db.com/exploits/42221/

Github

- https://github.com/0x00-0x00/CVE-2016-10033

- https://github.com/0x783kb/Security-operation-book

- https://github.com/0xZEros66/Wordpress-Exploit-AiO-Package

- https://github.com/20142995/nuclei-templates

- https://github.com/777sot/PHPMailer

- https://github.com/941-Abhi/Travel-Recommendation-System

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Anurag168/php-mailer

- https://github.com/Astrowmist/POC-CVE-2016-10033

- https://github.com/Awsafaneh/smm

- https://github.com/BagmetDenis/exploits_scripts

- https://github.com/Bajunan/CVE-2016-10033

- https://github.com/Brens498/AulaMvc

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Closerset/WordPress-RCE-EXP

- https://github.com/Dharini432/Leafnow

- https://github.com/DynamicDesignz/Alien-Framework

- https://github.com/ElnurBDa/CVE-2016-10033

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/FishAnonymous/CAShift-Record

- https://github.com/GeneralTesler/CVE-2016-10033

- https://github.com/Gessiweb/Could-not-access-file-var-tmp-file.tar.gz

- https://github.com/GhostTroops/TOP

- https://github.com/Guangyang-Sunlight/php-phpmailer

- https://github.com/Hehhchen/eCommerce

- https://github.com/Hrishikesh7665/OWASP21-PG

- https://github.com/JERRY123S/all-poc

- https://github.com/Jack-LaL/idk

- https://github.com/JesusAyalaEspinoza/p

- https://github.com/KNIGHTTH0R/PHPMail

- https://github.com/Kalyan457/Portfolio

- https://github.com/Keshav9863/MFA_SIGN_IN_PAGE

- https://github.com/Lu183/phpmail

- https://github.com/MIrfanShahid/PHPMailer

- https://github.com/MarcioPeters/PHP

- https://github.com/MartinDala/Envio-Simples-de-Email-com-PHPMailer-

- https://github.com/Mona-Mishra/User-Registration-System

- https://github.com/Mugdho55/Air_Ticket_Management_System

- https://github.com/NCSU-DANCE-Research-Group/CDL

- https://github.com/NikhilReddyPuli/thenikhilreddy.github.io

- https://github.com/Niveditakm/homeRental

- https://github.com/PatelMisha/Online-Flight-Booking-Management-System

- https://github.com/Preeti1502kashyap/loginpage

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/R0ckyesh/Agribuzz

- https://github.com/Rachna-2018/email

- https://github.com/RakhithJK/Synchro-PHPMailer

- https://github.com/Ramkiskhan/sample

- https://github.com/Razzle23/mail-3

- https://github.com/RichardStwart/PHP

- https://github.com/Rivaldo28/ecommerce

- https://github.com/Sakanksha07/Journey-With-Food

- https://github.com/Sakshibadoni/LetsTravel

- https://github.com/SanthoshBOL/Security-Awareness-Reminders

- https://github.com/SecRet-501/PHPMailer

- https://github.com/SeffuCodeIT/phpmailer

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Shamsuzzaman321/Wordpress-Exploit-AiO-Package

- https://github.com/Teeeiei/phpmailer

- https://github.com/ThatsSacha/forum

- https://github.com/VenusPR/PHP

- https://github.com/Vudubond/hacking-scripts

- https://github.com/YasserGersy/PHPMailerExploiter

- https://github.com/ZTK-009/RedTeamer

- https://github.com/Zenexer/safeshell

- https://github.com/aegunasekara/PHPMailer

- https://github.com/aegunasekaran/PHPMailer

- https://github.com/afkpaul/smtp

- https://github.com/agente945/worm

- https://github.com/aklmtst/PHPMailer-Remote-Code-Execution-Exploit

- https://github.com/akr3ch/CheatSheet

- https://github.com/alexander47777/CVE-2016-10033

- https://github.com/alexandrazlatea/emails

- https://github.com/alokdas1982/phpmailer

- https://github.com/anishbhut/simpletest

- https://github.com/ank0809/Responsive-login-register-page

- https://github.com/anquanscan/sec-tools

- https://github.com/antelove19/phpmailer

- https://github.com/anushasinha24/send-mail-using-PHPMailer

- https://github.com/aquahubtest4/ops

- https://github.com/aquahubtest5/ops

- https://github.com/arbaazkhanrs/Online_food_ordering_system

- https://github.com/arislanhaikal/PHPMailer_PHP_5.3

- https://github.com/ashiqdey/PHPmailer

- https://github.com/athirakottekadnew/testingRepophp

- https://github.com/awidardi/opsxcq-cve-2016-10033

- https://github.com/bigtunacan/phpmailer5

- https://github.com/bkrishnasowmya/OTMS-project

- https://github.com/boy-hack/hack-requests

- https://github.com/bzuracyber/Azure-Compliance-as-Code-Pipeline

- https://github.com/chipironcin/CVE-2016-10033

- https://github.com/clemerribeiro/cbdu

- https://github.com/codersstock/PhpMailer

- https://github.com/crackerica/PHPMailer2

- https://github.com/cved-sources/cve-2016-10033

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/cyberharsh/phpmailer

- https://github.com/cyberpacifists/redteam

- https://github.com/denniskinyuandege/mailer

- https://github.com/devhribeiro/cadweb_aritana

- https://github.com/dipak1997/Alumni-M

- https://github.com/dp7sv/ECOMM

- https://github.com/duhengchen1112/demo

- https://github.com/dylangerardf/dhl

- https://github.com/dylangerardf/dhl-supp

- https://github.com/eb613819/CTF_CVE-2016-10033

- https://github.com/elhouti/ensimag-ssi-2019-20

- https://github.com/eminemdordie/mailer

- https://github.com/entraned/PHPMailer

- https://github.com/faraz07-AI/fullstack-Jcomp

- https://github.com/fatfishdigital/phpmailer

- https://github.com/fatihbaba44/PeakGames

- https://github.com/fatihulucay/PeakGames

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/frank850219/PHPMailerAutoSendingWithCSV

- https://github.com/gaguser/phpmailer

- https://github.com/geet56/geet22

- https://github.com/generalbao/phpmailer6

- https://github.com/gnikita01/hackedemistwebsite

- https://github.com/grayVTouch/phpmailer

- https://github.com/gtasaif/PHPMailer

- https://github.com/gvido-berzins/GitBook

- https://github.com/gzy403999903/PHPMailer

- https://github.com/heikipikker/exploit-CVE-2016-10034

- https://github.com/hktalent/TOP

- https://github.com/huongbee/mailer0112

- https://github.com/huongbee/mailer0505

- https://github.com/ifindu-dk/phpmailer

- https://github.com/im-sacha-cohen/forum

- https://github.com/inusah42/ecomm

- https://github.com/ivankznru/PHPMailer

- https://github.com/izisoft/mailer

- https://github.com/izisoft/yii2-mailer

- https://github.com/j4k0m/CVE-2016-10033

- https://github.com/jaimedaw86/repositorio-DAW06_PHP

- https://github.com/jairo0823/capstone

- https://github.com/jamesxiaofeng/sendmail

- https://github.com/jasonsett/Pentest

- https://github.com/jatin-dwebguys/PHPMailer

- https://github.com/jbmihoub/all-poc

- https://github.com/jbperry1998/bd_calendar

- https://github.com/jeddatinsyd/PHPMailer

- https://github.com/jesusclaramontegascon/PhpMailer

- https://github.com/jinnyohjinny/BugCamp

- https://github.com/juhi-gupta/PHPMailer-master

- https://github.com/kN6jq/hack-requests

- https://github.com/kubota/exploit_PHPMail

- https://github.com/kylingit/vul_wordpress

- https://github.com/laddoms/faces

- https://github.com/lanlehoang67/sender

- https://github.com/lcscastro/RecursoFunctionEmail

- https://github.com/leftarmm/speexx

- https://github.com/leocifrao/site-restaurante

- https://github.com/liusec/WP-CVE-2016-10033

- https://github.com/lnick2023/nicenice

- https://github.com/luxiaojue/phpmail

- https://github.com/madbananaman/L-Mailer

- https://github.com/marco-comi-sonarsource/PHPMailer

- https://github.com/mayankbansal100/PHPMailer

- https://github.com/mintoua/Fantaziya_WEBSite

- https://github.com/mkrdeptcreative/PHPMailer

- https://github.com/mohamed-aymen-ellafi/web

- https://github.com/morkamimi/poop

- https://github.com/n0-traces/cve_monitor

- https://github.com/nFnK/PHPMailer

- https://github.com/natsootail/alumni

- https://github.com/nyamleeze/commit_testing

- https://github.com/opsxcq/exploit-CVE-2016-10033

- https://github.com/packetinside/CISA_BOT

- https://github.com/paralelo14/CVE_2016-10033

- https://github.com/password520/RedTeamer

- https://github.com/paulogmota/phpmailer-5.2.20-RCE

- https://github.com/pctechsupport123/php

- https://github.com/pedro823/cve-2016-10033-45

- https://github.com/pitecozz/RCE-VUL

- https://github.com/pnagasaikiran/private-notes

- https://github.com/prakashshubham13/portfolio

- https://github.com/prathamrathore/portfolio.php

- https://github.com/prostogorod/PHPMailer

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/rasisbade/allphp

- https://github.com/rebujacker/CVEPoCs

- https://github.com/rohandavid/fitdanish

- https://github.com/rrathi0705/email

- https://github.com/rudresh98/e_commerce_IFood

- https://github.com/sakshibohra05/project

- https://github.com/sankar-rgb/PHPMailer

- https://github.com/sarriscal/phpmailer

- https://github.com/sarvottam1766/Project

- https://github.com/sashasimulik/integration-1

- https://github.com/sccontroltotal/phpmailer

- https://github.com/sealldeveloper/CVE-2016-10033-PoC

- https://github.com/sealldeveloper/CVE-2016-2098-PoC

- https://github.com/sliani/PHPMailer-File-Attachments-FTP-to-Mail

- https://github.com/superfish9/pt

- https://github.com/supreethsk/rental

- https://github.com/suptechie/PHPMailer

- https://github.com/sweta-web/Online-Registration-System

- https://github.com/trganda/dockerv

- https://github.com/tvirus-01/PHP_mail

- https://github.com/ums91/CISA_BOT

- https://github.com/vaartjesd/test

- https://github.com/vatann07/BloodConnect

- https://github.com/vedavith/mailer

- https://github.com/vivekaom/pentest_example

- https://github.com/waqeen/cyber_security21

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/wesandradealves/sitio_email_api_demo

- https://github.com/whale-baby/Vulnerability

- https://github.com/windypermadi/PHP-Mailer

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/yaya4095/PHPMailer

- https://github.com/ykankaya/PHPMailerExploiter

- https://github.com/zakiaafrin/PHPMailer

- https://github.com/zeeshanbhattined/exploit-CVE-2016-10033

- https://github.com/zhangqiyi55/phpemail