PHPMailer-Checker python script for the phpmailer exploit

With the new phpmailer exploit, which provides remote code execution, that was released a few days ago, I decided to create a simple python script called phpmailer-chcker. I released this to check for the vulnerable versions of the phpmailer application. I’m sure ill make it easier to use in the future, but its a start for now.

The vulnerability and exploit was discovered by David Golunski

The original full advisory can be located here
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

PoC Video:
https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html

Disclaimer:
For testing purposes only. Do no harm.

It can be found here.
https://github.com/jasonbernier/phpmailer-checker

Leave a Reply

Your email address will not be published. Required fields are marked *