Date: Wed, 3 May 2017 17:32:03 -0300 From: Dawid Golunski <dawid@...alhackers.com> To: oss-security@...ts.openwall.com Subject: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Here's a paper I wrote back in December. It was originally meant to go into Phrack but the team wanted a more general article on parameter injection as mail() was supposedly an outdated technique. Meanwhile, the RCE-chain continues :) So I decided to post it as it is without changing it as mail() injection deserves a separate article imho. https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html I reveal some exim code-execution vectors in there that should change the whole game slightly :) See my exploit for WordPress Core that is based on it: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html I'll attach copies of the white-paper here in the next revision as I haven't slept for 3 nights and need to double check on everything before it goes into the archive forever :) Regards, Dawid Golunski https://legalhackers.com https://ExploitBox.io t: @dawid_golunski
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ