Thursday, December 29, 2016

PHPMailer Hack puts millions of WordPress Sites at risk


Fancy WordPress design marketing firms can create a pretty site, but 9.9 times out of 10, security is severely lacking. Once burned, it is just too late. But try convincing your customers of that.

Well, this one will grab you where it counts. A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.

The flaw was found by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was released Saturday. However, it turns out that the patch was incomplete and can be bypassed.

The PHPMailer library is used directly or indirectly by many content management systems (CMSs) including WordPress, Joomla and Drupal. Where the library is not included in their core code, it is likely available as a separate module or can be bundled with third-party add-ons.

Below is a crafted (hacked) email address which, if not validated in the form, will allow the code to run.

From https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.htm

# Bypass / PHPMailer < 5.2.20 Remote Code Execution PoC Exploit (CVE-2016-10045)

"\"attacker\\' -oQ/tmp/ -X%s/phpcode.php  some\"@email.com"
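A defensive check for the case described above, as an added example that is not from the original post, the advisory or PHPMailer: it accepts only plain dot-atom addresses, so an address with a quoted local part, spaces or backslashes like the one above is rejected before it reaches the mail library. The function name `is_safe_sender` and the sample addresses other than the quoted one are assumptions made for illustration.

```php
<?php
// Added example (not PHPMailer's code): strict allow-list check for an
// address taken from a web form before it reaches any mail library.
// is_safe_sender() is a hypothetical helper name.

function is_safe_sender(string $address): bool
{
    if ($address === '' || strlen($address) > 254) {
        return false;
    }
    // Whitespace, control bytes, quotes and backslashes are never needed in
    // an ordinary address and are what the crafted address relies on.
    if (preg_match('/[\x00-\x20\x7f"\'\\\\]/', $address)) {
        return false;
    }
    $at = strrpos($address, '@');
    if ($at === false || $at === 0 || $at > 64) {
        return false;
    }
    $local  = substr($address, 0, $at);
    $domain = substr($address, $at + 1);

    // Local part: plain dot-atom only, deliberately stricter than RFC 5322
    // (no quoted strings, must start and end with a letter or digit).
    if (strpos($local, '..') !== false
        || !preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9._+-]*[A-Za-z0-9])?$/', $local)) {
        return false;
    }
    // Domain: dot-separated hostname labels ending in an alphabetic TLD.
    return (bool) preg_match(
        '/^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$/',
        $domain
    );
}

// Constructed sample inputs; the second is the address string quoted above.
$samples = [
    'jane.doe+news@example.org',
    "\"attacker\\' -oQ/tmp/ -X%s/phpcode.php  some\"@email.com",
    'bob smith@example.org',
    'carol@localhost',
];
foreach ($samples as $s) {
    printf("%-7s %s\n", is_safe_sender($s) ? 'accept' : 'reject', $s);
}
```

Form-level validation like this complements, and does not replace, updating the library: the PoC title above names PHPMailer versions below 5.2.20 as affected.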
