cebe/phpmailer.sh

Last active December 28, 2016 12:38

Star (1) You must be signed in to star a gist
Fork (1) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/cebe/d0f5631b432c520a2e6f6be8beddf116.js"></script>
Save cebe/d0f5631b432c520a2e6f6be8beddf116 to your computer and use it in GitHub Desktop.

Download ZIP

command for finding vulnerable files and line of code for https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/ finds also really old versions, e.g. 2.0.4.

Raw

phpmailer.sh

	#!/bin/bash

	for file in $(find /var/www \|grep class.phpmailer.php) ; do echo $file; grep -ni '%s["'\''], $this->Sender' $file ; done

Author

cebe commented Dec 27, 2016

A quick patch (in case you can not upgrade easily from an old version) will be to put escapeshellarg() around $this->Sender.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment