added more tests for SwiftMailer vulnerability CVE-2016-10074

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
Carsten Brandt
2016-12-28 23:50:10 +01:00
parent 6af2a43390
commit 96ee5c373e


@ -128,15 +128,34 @@ class EmailValidatorTest extends TestCase
public function malformedAddressesProvider()
{
return [
// this is the demo email used in the proof of concept of the exploit
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
// trying more adresses
['"Attacker -Param2 -Param3"@test.com'],
['\'Attacker -Param2 -Param3\'@test.com'],
['"Attacker \" -Param2 -Param3"@test.com'],
["'Attacker \\' -Param2 -Param3'@test.com"],
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com']
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
// and even more variants
['"attacker\"\ -oQ/tmp/\ -X/var/www/cache/phpcode.php"@email.com'],
["\"attacker\\\"\0-oQ/tmp/\0-X/var/www/cache/phpcode.php\"@email.com"],
['"attacker@cebe.cc\"-Xbeep"@email.com'],
["'attacker\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
["'attacker\\\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
["'attacker\\\\'\\ -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
["'attacker\\';touch /tmp/hackme'@email.com"],
["'attacker\\\\';touch /tmp/hackme'@email.com"],
["'attacker\\';touch/tmp/hackme'@email.com"],
["'attacker\\\\';touch/tmp/hackme'@email.com"],
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
];
}
/**
* Test malicious email addresses that can be used to exploit SwiftMailer vulnerability CVE-2016-10074
* https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
*
* @dataProvider malformedAddressesProvider
*/
public function testMalformedAddresses($value)