วิธี Patch upgrade PHPMailer < 5.2.18 Remote Code Execution

วิธี Patch upgrade PHPMailer < 5.2.18 Remote Code Execution

วิธี Patch upgrade PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033) และ Contact Form 7
สำหรับผู้ใข้ WordPress บน VPS หรือ Dedicated server และ Shared hosting (ย้ำ case นี้เจ้าของเว็บไซต์ต้องแก้ไขเอง เพราะ class นี้กระจากอยู่)

1. == WordPress Core ==

WP DIR Path: /wp-includes/class-phpmailer.php

cd ../htdocs/wp-includes

mv class-phpmailer.php class-phpmailer.php.old
mv class-smtp.php class-smtp.php.old
mv class-pop3.php class-pop3.php.old

wget //raw.githubusercontent.com/PHPMailer/PHPMailer/master/class.phpmailer.php

wget //raw.githubusercontent.com/PHPMailer/PHPMailer/master/class.pop3.php

wget //raw.githubusercontent.com/PHPMailer/PHPMailer/master/class.smtp.php

mv class.phpmailer.php class-phpmailer.php

mv class.smtp.php class-pop3.php

mv class.smtp.php class-smtp.php

chown www-data:www-data class-phpmailer.php class-smtp.php class-pop3.php

2. == WordPress plugins ==

ปลั๊กอินที่เรียกใช้ไลบารี PHPMailer class

เช่น PHP Contact Form, contact-form-7, FormCraft

วิธี Patch – Contact Form 7

ค้นหา find * |grep -r “phpmailer”
ตรวจสอบ global variable ไลบารี

class WPCF7_Mail

mail.php:add_action( 'phpmailer_init', 'wpcf7_phpmailer_init' );
mail.php:function wpcf7_phpmailer_init( $phpmailer ) {
mail.php:&amp;nbsp;&amp;nbsp; &amp;nbsp;foreach ( (array) $phpmailer-&amp;gt;getCustomHeaders() as $custom_header ) {
mail.php:&amp;nbsp;&amp;nbsp; &amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;nbsp;$phpmailer-&amp;gt;msgHTML( $phpmailer-&amp;gt;Body );

global variable $phpmailer

ปลั๊กอิน included of PHPMailer WordPress Core

Refer:
//wordpress.stackexchange.com/questions/250315/why-contact-form-7-doesnt-update-phpmailer-library


PHPMailer < 5.2.18 Remote Code Execution

exploit #GitHub: //github.com/opsxcq/exploit-CVE-2016-10033
Version 5.2.18 (December 24th 2016)
SECURITY Critical security update for CVE-2016-10033 please update now! Thanks to Dawid Golunski.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Please validate : * Time limit is exhausted. Please reload CAPTCHA.