EXPLOITDB-EDB-43500

EXPLOITDB text WORKING POC

Exploit for CVE-2016-0772 - CPython <3.4.5-2.7.12 - Info Disclosure

AI Analysis

This PoC demonstrates a STARTTLS stripping vulnerability in Python's smtplib, where a MITM can downgrade the connection to plaintext by sending an invalid response code (200 instead of 220) to the STARTTLS command, bypassing encryption without raising an exception.

Attack Type

other

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1557 - Adversary-in-the-Middle

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type local

Platform multiple

Language text

Files 1

https://www.exploit-db.com/exploits/43500

Authors

tintinweb

Vulnerability

CVE-2016-0772

CPython <3.4.5-2.7.12 - Info Disclosure

MEDIUM

CVSS 6.5