#192 popen command execution

Status: closed
Owner: nobody
Labels: Phpmailer (265)
Priority: 5
Updated: 2014-08-25
Created: 2007-06-11
Private: No

The second line of the SendmailSend function in class.phpmailer.php (line 393) is vulnerable to a shell command execution vulnerability due to a lack of input validation.

If the Sender property is set by the initiating script it is possible to execute arbitrary commands.

http://php.net/manual/en/function.popen.php#67107

A lot of PHP applications such as WordPress and Mantis use the PHPMailer class to send email, and they are not always running with PHP safe_mode enabled.

The solution is to escape the input with the escapeshellarg() or escapeshellcmd() functions.

Cheers

Thor Larholm
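The pattern the report describes, as an added PHP example that is not PHPMailer's own code: the unescaped sprintf() construction beside a hardened builder that first rejects non-address values with filter_var() and then quotes the result with escapeshellarg(). Function names and the sample values are constructed for illustration.

```php
<?php
// Added example, not from class.phpmailer.php. Shows why interpolating
// Sender into a popen() command is dangerous and how to build it safely.

// The flawed pattern from the report: Sender is pasted into a shell string.
function buildSendmailCommandUnsafe(string $sendmailPath, string $sender): string
{
    return sprintf("%s -oi -f %s -t", $sendmailPath, $sender);
}

// Hardened builder. Validation narrows what reaches the command line;
// escapeshellarg() remains the real shell boundary, because characters
// such as a single quote are legal in an address local part and would
// otherwise still need escaping.
function buildSendmailCommandSafe(string $sendmailPath, string $sender): string
{
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Sender is not a valid e-mail address');
    }
    return sprintf(
        "%s -oi -f %s -t",
        escapeshellcmd($sendmailPath),   // program path: keep options usable
        escapeshellarg($sender)          // user data: one quoted shell word
    );
}

// Constructed sample values for the demonstration.
$sendmailPath = '/usr/sbin/sendmail';
$hostile      = "x@example.com; echo injected";   // shell metacharacters

// The unsafe builder emits the metacharacters verbatim into the command.
echo buildSendmailCommandUnsafe($sendmailPath, $hostile), PHP_EOL;

// The safe builder refuses the value before any command is formed.
try {
    echo buildSendmailCommandSafe($sendmailPath, $hostile), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// A legitimate address passes and is emitted as a single quoted argument.
echo buildSendmailCommandSafe($sendmailPath, 'alice@example.com'), PHP_EOL;
```

Run with `php example.php`; compare the first and last lines of output to see the difference between the raw interpolation and the quoted argument.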

Discussion

  • Cristian Rodriguez

    Logged In: YES
    user_id=710039
    Originator: NO

    Patch to fix this quite obvious hole.

    Index: class.phpmailer.php

    --- class.phpmailer.php (revisión: 161)
    +++ class.phpmailer.php (copia de trabajo)
    @@ -424,9 +424,9 @@
    function SendmailSend($header, $body)
    {
    if ($this->Sender != "") {
    - $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
    + $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
    } else {
    - $sendmail = sprintf("%s -oi -t", $this->Sendmail);
    + $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
    }

         if (!@$mail = popen($sendmail, "w")) {
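
    Review bot: escapeshellarg() on $this->Sender closes the shell injection in both branches of SendmailSend, but the value is still passed to sendmail's -f option unvalidated; consider rejecting Sender values that are not syntactically valid addresses before the sprintf(), so a malformed value fails early instead of being forwarded quoted. escapeshellcmd() on $this->Sendmail is the right choice for the program path, since it keeps a configured command with options usable while neutralising metacharacters; a short comment explaining why the two arguments are escaped differently would help future readers. The @-suppressed popen() in the context line still hides the reason for a failed launch, so the existing return-value check is the only signal that remains.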