infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add note about PHPMailer being bundled

bug/bundler_fix
William Vu 2017-05-15 14:28:07 -05:00
parent 35670713ff
commit 2055bf8f65
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
documentation/modules/exploit/unix/webapp/wp_phpmailer_host_header.md
View File

@ -1,7 +1,8 @@
## Intro
This vuln has some caveats: you need approximately WordPress 4.6 with
Exim for the `sendmail(8)` command.
Exim for the `sendmail(8)` command. You do not need to install
PHPMailer, as it is included as part of the WordPress install.
Thanks to WP's awesome practice of backporting the heck out of all their
patches, we need to use a Git clone and check out the vuln release.

3
modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
View File

@ -15,7 +15,8 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'WordPress PHPMailer Host Header Command Injection',
'Description' => %q{
This module exploits a command injection vulnerability in WordPress
version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer.
version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer,
a mail-sending library that is bundled with WordPress.
A valid WordPress username is required to exploit the vulnerability.
Additionally, due to the altered Host header, exploitation is limited to