
Trying to exploit CVE-2020-28018 [Use after free smtp_reset]

cocainecowboy
Hello

I found a server that may be exploitable by the above CVE but I have no fucking idea when it comes to using C.



When I try to run a proof of concept found on GitHub I'm met with a permissions error.

I'm unsure if I need to compile the file exploit.c first. When I try to compile it with gcc I get error messages such as "/usr/bin/ld: exploit.c:(.text+0x114): undefined reference to `OPENSSL_init_ssl'". That's just one example; most of the errors seem to be related to SSL.

The Python script included in the PoC says the site is vulnerable to the CVE.


 
Hi. First, there is a makefile in the repo. You can just run make.

Bash:
$ cat Makefile

# compile exploit.c

CC=gcc
LIB=-lssl -lcrypto -lpthread

all:
    ${CC} exploit.c -o exploit ${LIB}

Second, the PoC needs to be adjusted to work on your target environment (you ought to play with a debugger on a virtual machine with the same OS and Exim version as the target has).

And finally, the vulnerability is actually fixed in 4.94.2 =)
 
Okay, thanks, this makes sense to me now. I was under the impression v4.94.2 was affected by this too, shit :/

I wonder why the .py checker script says it's vulnerable, weird.. fuck it, I'll try it anyway to see what happens.
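Added example, not code from the thread or from the PoC repository: a small banner check that pulls the Exim version out of the SMTP greeting and compares it numerically against 4.94.2, the release the reply above names as carrying the fix. The sample greetings and the host name mail.example.test are constructed; no real server was contacted. The comments also spell out why a checker that keys on the banner can still report "vulnerable" for a host that is already patched, which is the kind of result the last post wonders about.

```python
"""Check an SMTP greeting banner against the Exim release that fixed CVE-2020-28018.

Added example, not part of the thread or the PoC repo. Host names are invented
and the banners are constructed to look like Exim's default greeting.
"""
import re
import socket
from typing import Optional, Tuple

# The reply above states the bug is fixed in Exim 4.94.2.
FIXED_VERSION: Tuple[int, ...] = (4, 94, 2)

# Constructed sample greetings (no real host was contacted).
SAMPLE_BANNERS = [
    "220 mail.example.test ESMTP Exim 4.94.2 Tue, 08 Mar 2022 12:00:00 +0000",
    "220 mail.example.test ESMTP Exim 4.94 Tue, 08 Mar 2022 12:00:00 +0000",
    "220 mail.example.test ESMTP Exim 4.93 #2 Tue, 08 Mar 2022 12:00:00 +0000",
    "220 mail.example.test ESMTP Postfix",
]

# Exim's default greeting is "220 <host> ESMTP Exim <version> <date>".
VERSION_RE = re.compile(r"\bExim\s+(\d+(?:\.\d+)*)")


def parse_exim_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the advertised Exim version as an int tuple, or None if not Exim."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_before_fix(version: Tuple[int, ...]) -> bool:
    """Numeric comparison: (4, 94) is treated as 4.94.0, which is below 4.94.2."""
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return padded < fixed


def classify(banner: str) -> str:
    """Map a greeting to 'not-exim', 'before-fix' or 'fixed-or-later'.

    'before-fix' is a hint, not proof: distributions backport fixes without
    changing the advertised version, and the greeting text is configurable
    (Exim's smtp_banner option), so a version-string check can say
    "vulnerable" for a host that is already patched. Only exercising the
    actual code path, which is what the PoC has to do, settles it.
    """
    version = parse_exim_version(banner)
    if version is None:
        return "not-exim"
    return "before-fix" if is_before_fix(version) else "fixed-or-later"


def fetch_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Read the greeting from a live server (not used by the offline samples)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # The greeting may span several "220-" lines; read until the final "220 ".
        data = b""
        while not re.search(rb"(^|\r\n)220 [^\r\n]*\r\n", data):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
        return data.decode("utf-8", errors="replace")


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{classify(banner):15} {banner}")
```

Run it as-is to see the three verdicts on the constructed banners; for a live host, call fetch_banner(host) and pass the result to classify. Treat "before-fix" as a reason to look closer (package changelog, or the PoC itself on a matching VM as the reply suggests), not as confirmation.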
 

