myhack58 | Anonymous | MYHACK58:62201782688
Jan 05, 2017 - 12:00 a.m.

PHPMailer, SwiftMailer and ZendMail hit by successive critical RCE vulnerabilities affecting millions of web servers

Researchers recently found critical vulnerabilities in three common open source PHP libraries that attackers can exploit to execute arbitrary commands remotely. The affected PHP libraries are SwiftMailer, PHPMailer and ZendMail.
A few days ago FreeBuf reported that Dawid Golunski, a researcher with the Polish group Legal Hackers, had disclosed a vulnerability in PHPMailer (CVE-2016-10033): because the program does not filter parameters sufficiently, the flaw can be used to execute arbitrary code. PHPMailer has about 900 million users worldwide. In response, PHPMailer released version 5.2.18, which filters the input with the escapeshellarg() function. This appeared to fix the vulnerability, but the newly added function in fact conflicts with escapeshellcmd().
Using this conflict in the new version, Golunski again bypassed the security measures in PHPMailer 5.2.18, and a new vulnerability ID was assigned (CVE-2016-10045). This vulnerability has a wider impact: many open source web applications, such as WordPress, Drupal, 1CRM, SugarCRM, Yii and Joomla, could be subject to attack.
In the end, PHPMailer released version 5.2.20. All previous versions are affected, so webmasters should upgrade to the latest version as soon as possible.
In addition, Golunski found similar vulnerabilities in two other PHP libraries, SwiftMailer and ZendMail. All three vulnerabilities are rated Critical.
SwiftMailer remote command execution vulnerability (CVE-2016-10074)
SwiftMailer is another widely used library; it can send mail over the SMTP protocol. Many open source projects use it, including Yii2, Laravel and Symfony.
The SwiftMailer vulnerability is exploited in much the same way as the PHPMailer one: any page that uses SwiftMailer, such as a registration page, contact form or password reset page, can be used to execute commands.
An attacker can execute commands remotely on the web server and thereby take over the server.
All versions of SwiftMailer are affected by this vulnerability, including the most recent 5.4.5-DEV version.
Golunski reported the vulnerability to the SwiftMailer team; the development team fixed it quickly and released version 5.4.5 within a day.
"A vulnerability exists in the mail transport (Swift_Transport_MailTransport): if the 'From', 'ReturnPath' or 'Sender' header comes from an untrusted source, arbitrary shell arguments may be passed to it, which leads to remote code execution," the SwiftMailer changelog says.
ZendMail RCE vulnerability (CVE-2016-10034)
ZendMail is a PHP component of Zend Framework; Zend Framework has 9500 million installations.
ZendMail is exploited in a way similar to PHPMailer and SwiftMailer, by inserting quotation marks into the address. Because the program does not filter the input correctly, the input value is treated as a parameter and executed.
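An added example, not taken from the article or from any of the three libraries, of the check this class of bug calls for: the sender address is validated against an allow-list before it is placed in the fifth argument of PHP's mail(), to which PHP itself applies escapeshellcmd(), instead of stacking escapeshellarg() on top as 5.2.18 did. The function names and sample addresses are constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, not PHPMailer/SwiftMailer/ZendMail code.

/**
 * True only if $addr is safe to use as the sendmail envelope sender (-f).
 * Allow-list: plain local part, hostname-style domain, nothing else.
 */
function is_safe_envelope_sender(string $addr): bool
{
    // Empty, over-long, or option-like values are refused outright.
    if ($addr === '' || strlen($addr) > 254 || $addr[0] === '-') {
        return false;
    }
    // Quoted local parts ("a b"@example.com) are legal in RFC 5321 but are
    // refused on purpose: quotes, backslashes and whitespace are exactly the
    // characters that survive escaping and split into extra arguments.
    // \A ... \z (not ^ ... $) so a trailing newline cannot slip through.
    $pattern = '/\A[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z/';
    return preg_match($pattern, $addr) === 1;
}

/**
 * Build the 5th argument of mail(). For an unsafe sender no -f option is
 * emitted at all, so untrusted text never reaches the sendmail command line.
 */
function envelope_sender_params(string $from): string
{
    return is_safe_envelope_sender($from) ? '-f' . $from : '';
}

// Constructed sample inputs, as they might arrive from a contact form.
$samples = [
    'support@example.com',
    'first.last+tag@mail.example.org',
    '"a\" -extra-arg x"@example.com', // quoted local part with quote and spaces
    "user@example.com\n-extra",       // embedded newline
    '-odd@example.com',               // would be parsed as an option
    "o'brien@example.com",            // single quote
];

foreach ($samples as $s) {
    printf("%-42s => %s\n", json_encode($s), var_export(envelope_sender_params($s), true));
}
```

Only the first two samples produce a `-f` option; the rest return an empty string, so the message is sent without an envelope sender override rather than with an escaped one.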
Golunski has released a PoC video demo and a three-in-one exploit named PwnScriptum, which contains the attack methods for all three vulnerabilities. A white paper explaining the three vulnerabilities in detail will be published soon.