PHPMailer Sendmail Argument Injection
Title source: metasploit
Exploitation Summary
CVE-2016-10033 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 7, 2025.
EIP tracks 30 public exploits from researchers including Metasploit, Dawid Golunski, and phackt_ul, among them the Metasploit module exploits/unix/webapp/wp_phpmailer_host_header.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in WordPress 4.6 via a spoofed Host header to PHPMailer, leveraging Exim's string expansions for remote code execution. It requires a valid WordPress username and targets the default virtual host.
Description
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Exploits (30)
This Metasploit module exploits a command injection vulnerability in WordPress 4.6 via a spoofed Host header to PHPMailer, leveraging Exim's string expansions for remote code execution. It requires a valid WordPress username and targets the default virtual host.
This exploit leverages a file upload vulnerability in PHPMailer (CVE-2016-10033) to upload a malicious PHP backdoor. It then provides a remote shell by encoding commands in base64 and executing them via the backdoor.
This exploit targets PHPMailer, SwiftMailer, and Zend Framework mail libraries to achieve remote code execution via command injection in the email address field. It leverages Exim MTA's expansion mode and base64 encoding to bypass input validation and execute a reverse shell.
This exploit leverages CVE-2016-10073 (Header Injection) and CVE-2016-10033 (RCE) in Vanilla Forums <= 2.3 to achieve unauthenticated remote code execution via crafted Host headers in password reset requests.
This exploit leverages a PHP mail function command injection vulnerability in WordPress 4.6 to achieve remote code execution. It sends a reverse shell payload via a crafted Host header during a password reset request.
This exploit targets multiple vulnerabilities in PHPMailer, SwiftMailer, and Zend-mail to achieve remote code execution via a contact form. It uploads a PHP backdoor containing a reverse shell payload to the target server.
This exploit leverages a vulnerability in PHPMailer (CVE-2016-10033) to achieve remote code execution by injecting a malicious payload into the email field, which writes a PHP backdoor to the target server. The payload establishes a reverse shell connection to the attacker's specified IP and port.
This exploit leverages a command injection vulnerability in PHPMailer versions < 5.2.20 via the 'email' parameter. It crafts a malicious payload to write arbitrary PHP code to a writable directory, achieving remote code execution.
This PoC exploits a command injection vulnerability in PHPMailer < 5.2.18 by manipulating the 'From' email address to inject malicious sendmail arguments, leading to arbitrary file write and potential RCE. The exploit writes a PHP payload to a web-accessible directory via sendmail's -X option.
This repository contains a functional exploit for CVE-2016-10033, a remote code execution vulnerability in PHPMailer versions before 5.2.18. The exploit leverages improper filtering of special characters in the 'From' address to inject malicious parameters into the mail command, leading to arbitrary code execution.
This repository contains a functional Python exploit for CVE-2016-10033, which targets a remote code execution vulnerability in WordPress 4.6 via the lost password functionality. The exploit crafts a malicious Host header to inject commands, downloads a reverse shell payload, and executes it on the target system.
The repository contains only a README file describing a tool to prevent PHP vulnerabilities but lacks any exploit code or technical details. It does not demonstrate or analyze CVE-2016-10033.
This repository contains a functional Go-based exploit for CVE-2016-10033, targeting PHPMailer versions before 5.2.18. The exploit crafts a malicious HTTP POST request to achieve remote code execution by leveraging a vulnerability in PHPMailer's email handling.
This repository contains a functional exploit PoC for CVE-2016-10033, targeting PHPMailer 5.2.17. It includes a Dockerized environment with a vulnerable PHPMailer setup and a script to demonstrate the vulnerability.
This repository provides a functional exploit for CVE-2016-10033, a PHPMailer vulnerability allowing remote code execution via crafted email headers. The Dockerfile sets up a vulnerable environment, and the README includes a curl command to trigger the exploit, demonstrating RCE via command injection.
This repository contains a functional Perl exploit for CVE-2016-10033, targeting PHPMailer's command injection vulnerability via crafted Sender properties. The exploit sends a malicious payload through the Host header to achieve remote code execution.
The repository contains a functional exploit script for CVE-2016-10033, a command injection vulnerability in PHPMailer. The exploit sends a crafted HTTP request to inject a malicious payload, creating a PHP shell for remote command execution.
This repository contains a functional exploit for CVE-2016-10033, a remote code execution vulnerability in PHPMailer versions before 5.2.18. The exploit leverages improper filtering of special characters in the sender's email address to inject malicious parameters into the mail command, leading to arbitrary code execution.
This repository contains a functional exploit for CVE-2016-10033, a remote command execution vulnerability in WordPress <= 4.6 via PHPMailer. It includes a Docker environment for testing and detailed instructions for exploiting the vulnerability through crafted HTTP requests.
This repository contains a functional exploit for CVE-2016-10033, a remote code execution vulnerability in WordPress 4.6. The exploit leverages the Exim4 MTA to execute arbitrary commands via crafted email headers, resulting in a reverse shell.
This repository contains a functional Python script that exploits CVE-2016-10033, a remote code execution vulnerability in PHPMailer. The exploit leverages a crafted email submission to write a malicious PHP backdoor to the target server, enabling arbitrary command execution.
This repository contains a functional exploit for CVE-2016-10033, targeting PHPMailer's improper handling of the `$additional_parameters` argument in the `mail()` function. The exploit injects malicious parameters to write a PHP shell to a web-accessible directory, achieving remote code execution (RCE).
This repository contains a functional exploit for CVE-2016-10033, targeting PHPMailer, Zend-mail, and SwiftMailer to achieve remote code execution via crafted email payloads. The exploit uploads a PHP backdoor through a vulnerable contact form and establishes a reverse shell.
This repository contains a functional exploit for CVE-2016-10033, a PHPMailer vulnerability in WordPress 4.6 that allows remote code execution via crafted Host headers. The exploit uses a bash script to deliver and execute a payload on the target system.
This repository contains a functional exploit for CVE-2016-10033, a remote code execution vulnerability in PHPMailer versions before 5.2.18. The exploit leverages improper filtering of special characters in the sender's email address to inject malicious parameters into the mail command, leading to arbitrary code execution.
This repository contains a functional Perl exploit for CVE-2016-10033, targeting PHPMailer's command injection vulnerability via crafted Sender properties. The exploit sends a malicious payload through the Host header to achieve remote code execution.
This repository provides a Dockerized environment for CVE-2016-10033, a PHPMailer vulnerability that allows remote command execution via crafted email headers. The setup includes a vulnerable PHPMailer instance and a mail form to demonstrate the exploit.
This is a functional exploit for CVE-2016-10033, a remote code execution vulnerability in WordPress 4.6. The script leverages a flaw in the password reset functionality to inject malicious commands via crafted HTTP headers, ultimately executing a reverse shell.
This Metasploit module exploits a command injection vulnerability in WordPress 4.6 via a spoofed Host header to PHPMailer, leveraging Exim string expansions for RCE. It requires a valid WordPress username and targets the default virtual host.
This Metasploit module exploits CVE-2016-10033 in PHPMailer by injecting sendmail arguments to write a malicious PHP payload to the web root and execute it via HTTP request.
Nuclei Templates (1)
References (22)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H