commit
58d65ce4b5
|
@ -151,11 +151,27 @@ module Exploit::Remote::SMTPDeliver
|
|||
[nsock, raw_send_recv("EHLO #{domain}\r\n", nsock)]
|
||||
end
|
||||
|
||||
def bad_address(address)
|
||||
address.bytesize > 2048 || /[\r\n]/ =~ address
|
||||
end
|
||||
|
||||
#
|
||||
# Sends an email message, connecting to the server first if a connection is
|
||||
# not already established.
|
||||
#
|
||||
def send_message(data)
|
||||
mailfrom = datastore['MAILFROM'].strip
|
||||
if bad_address(mailfrom)
|
||||
print_error "Bad from address, not sending: #{mailfrom}"
|
||||
return nil
|
||||
end
|
||||
|
||||
mailto = datastore['MAILTO'].strip
|
||||
if bad_address(mailto)
|
||||
print_error "Bad to address, not sending: #{mailto}"
|
||||
return nil
|
||||
end
|
||||
|
||||
send_status = nil
|
||||
|
||||
already_connected = connected?
|
||||
|
@ -166,8 +182,8 @@ module Exploit::Remote::SMTPDeliver
|
|||
nsock = connect_login(false)
|
||||
end
|
||||
|
||||
raw_send_recv("MAIL FROM: <#{datastore['MAILFROM']}>\r\n", nsock)
|
||||
res = raw_send_recv("RCPT TO: <#{datastore['MAILTO']}>\r\n", nsock)
|
||||
raw_send_recv("MAIL FROM: <#{mailfrom}>\r\n", nsock)
|
||||
res = raw_send_recv("RCPT TO: <#{mailto}>\r\n", nsock)
|
||||
if res[0..2] == '250'
|
||||
resp = raw_send_recv("DATA\r\n", nsock)
|
||||
|
||||
|
@ -199,7 +215,7 @@ module Exploit::Remote::SMTPDeliver
|
|||
send_status = raw_send_recv("#{full_msg}\r\n.\r\n", nsock)
|
||||
end
|
||||
else
|
||||
print_error "Server refused to send to <#{datastore['MAILTO']}>"
|
||||
print_error "Server refused to send to <#{mailto}>"
|
||||
end
|
||||
|
||||
if not already_connected
|
||||
|
|
Loading…
Reference in New Issue