Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 May 2017 17:32:03 -0300
From: Dawid Golunski <>
Subject: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0)

Here's a paper I wrote back in December.  It was originally meant to go
into Phrack but the team wanted a more general article on parameter injection
as mail() was supposedly an outdated technique.
Meanwhile, the RCE-chain continues :) So I decided to post it as it is without
changing it as mail() injection deserves a separate article imho.

I reveal some exim code-execution vectors in there that should change
the whole game slightly :)

See my exploit for WordPress Core that is based on it:

I'll attach copies of the white-paper here in the next revision as I
haven't slept for 3 nights and need to double check on everything
before it goes into the archive forever :)

Dawid Golunski
t: @dawid_golunski

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ