CVE-2016-10034

This exploit targets PHPMailer, SwiftMailer, and Zend Framework mail libraries to achieve remote code execution via command injection in the email address field. It leverages Exim MTA's expansion mode and base64 encoding to bypass input validation and execute a reverse shell.

This exploit targets multiple vulnerabilities in PHPMailer, SwiftMailer, and Zend-mail to achieve remote code execution via a contact form. It uploads a PHP backdoor containing a reverse shell payload to the target server.

This PoC exploits a command injection vulnerability in Zend Framework's mail functionality (CVE-2016-10034) by injecting malicious parameters into the sendmail command via the 'From' email header. It writes a PHP file containing attacker-controlled code to a writable directory, achieving remote code execution.

This repository contains a functional exploit for CVE-2016-10034, targeting PHPMailer versions before 5.2.18. The exploit leverages a vulnerability in the mailSend function to achieve remote code execution (RCE) by injecting malicious parameters into the mail command via a crafted From address.