@cebe cebe/phpmailer.sh
Last active Dec 28, 2016
Command for finding vulnerable files and lines of code for https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/. Also finds really old versions, e.g. 2.0.4.
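#!/bin/bash
# Print every PHPMailer class file under /var/www, followed by any line (with its number) that puts $this->Sender into a %s format string.
find /var/www -type f -name '*class.phpmailer.php*' -print0 | while IFS= read -r -d '' file; do echo "$file"; grep -ni '%s["'\''], $this->Sender' "$file"; done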
@cebe (owner, author) commented Dec 27, 2016

A quick patch (in case you cannot upgrade easily from an old version) will be to put escapeshellarg() around $this->Sender.
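
The scan from this gist, exercised as an added example (not part of the gist and not PHPMailer code): it runs the same grep pattern over three constructed fixture files to show which lines are reported. The helper names `scan_phpmailer`, `count_hits` and `make_fixture`, the directory layout and the PHP lines are assumptions made for the demo.

```bash
#!/bin/bash
# Added example: the gist's grep pattern run over constructed fixture files.
# The PHP lines below are constructed for the demo, not copied from PHPMailer.
PATTERN='%s["'\''], $this->Sender'

# Print "file:line:text" for each matching line in class files below $1.
scan_phpmailer() {
  find "$1" -type f -name '*class.phpmailer.php*' \
    -exec grep -niH -- "$PATTERN" {} + || true   # no match is not an error
}

# Number of lines the pattern reports below $1.
count_hits() {
  scan_phpmailer "$1" | wc -l | tr -d ' '
}

# Create three hypothetical installs below $1.
make_fixture() {
  mkdir -p "$1/site a/lib" "$1/old" "$1/patched"
  # Single-quoted format string, raw $this->Sender: reported.
  printf '%s\n' '<?php' '$params = sprintf('\''-f%s'\'', $this->Sender);' \
    > "$1/site a/lib/class.phpmailer.php"
  # Double-quoted format string, raw $this->Sender: reported.
  printf '%s\n' '<?php' '$params = sprintf("-oi -f %s", $this->Sender);' \
    > "$1/old/class.phpmailer.php"
  # escapeshellarg() around $this->Sender, as in the comment: not reported.
  printf '%s\n' '<?php' \
    '$params = sprintf('\''-f%s'\'', escapeshellarg($this->Sender));' \
    > "$1/patched/class.phpmailer.php"
}

tmp=$(mktemp -d)
make_fixture "$tmp"
scan_phpmailer "$tmp"
echo "lines reported: $(count_hits "$tmp")"
rm -rf "$tmp"
```

A file that is not reported only fails to match this one pattern; that says nothing about the installed version or about other code paths.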
