commit
58d65ce4b5
|
@ -151,11 +151,27 @@ module Exploit::Remote::SMTPDeliver
|
||||||
[nsock, raw_send_recv("EHLO #{domain}\r\n", nsock)]
|
[nsock, raw_send_recv("EHLO #{domain}\r\n", nsock)]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def bad_address(address)
|
||||||
|
address.bytesize > 2048 || /[\r\n]/ =~ address
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Sends an email message, connecting to the server first if a connection is
|
# Sends an email message, connecting to the server first if a connection is
|
||||||
# not already established.
|
# not already established.
|
||||||
#
|
#
|
||||||
def send_message(data)
|
def send_message(data)
|
||||||
|
mailfrom = datastore['MAILFROM'].strip
|
||||||
|
if bad_address(mailfrom)
|
||||||
|
print_error "Bad from address, not sending: #{mailfrom}"
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
|
||||||
|
mailto = datastore['MAILTO'].strip
|
||||||
|
if bad_address(mailto)
|
||||||
|
print_error "Bad to address, not sending: #{mailto}"
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
|
||||||
send_status = nil
|
send_status = nil
|
||||||
|
|
||||||
already_connected = connected?
|
already_connected = connected?
|
||||||
|
@ -166,8 +182,8 @@ module Exploit::Remote::SMTPDeliver
|
||||||
nsock = connect_login(false)
|
nsock = connect_login(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
raw_send_recv("MAIL FROM: <#{datastore['MAILFROM']}>\r\n", nsock)
|
raw_send_recv("MAIL FROM: <#{mailfrom}>\r\n", nsock)
|
||||||
res = raw_send_recv("RCPT TO: <#{datastore['MAILTO']}>\r\n", nsock)
|
res = raw_send_recv("RCPT TO: <#{mailto}>\r\n", nsock)
|
||||||
if res[0..2] == '250'
|
if res[0..2] == '250'
|
||||||
resp = raw_send_recv("DATA\r\n", nsock)
|
resp = raw_send_recv("DATA\r\n", nsock)
|
||||||
|
|
||||||
|
@ -199,7 +215,7 @@ module Exploit::Remote::SMTPDeliver
|
||||||
send_status = raw_send_recv("#{full_msg}\r\n.\r\n", nsock)
|
send_status = raw_send_recv("#{full_msg}\r\n.\r\n", nsock)
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
print_error "Server refused to send to <#{datastore['MAILTO']}>"
|
print_error "Server refused to send to <#{mailto}>"
|
||||||
end
|
end
|
||||||
|
|
||||||
if not already_connected
|
if not already_connected
|
||||||
|
|
Loading…
Reference in New Issue