Date: Wed, 3 May 2017 17:32:03 -0300 From: Dawid Golunski <dawid@...alhackers.com> To: oss-security@...ts.openwall.com Subject: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Here's a paper I wrote back in December. It was originally meant to go into Phrack but the team wanted a more general article on parameter injection as mail() was supposedly an outdated technique. Meanwhile, the RCE-chain continues :) So I decided to post it as it is without changing it as mail() injection deserves a separate article imho. https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html I reveal some exim code-execution vectors in there that should change the whole game slightly :) See my exploit for WordPress Core that is based on it: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html I'll attach copies of the white-paper here in the next revision as I haven't slept for 3 nights and need to double check on everything before it goes into the archive forever :) Regards, Dawid Golunski https://legalhackers.com https://ExploitBox.io t: @dawid_golunski
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.