This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands since this is one of the user-controlled variables, which has been successfully tested on Debian Squeeze using the default Exim4 with dovecot-common packages.
d72b6de0ba7eaf73295bab2780dde4862dd95a6711d35c8ea50c93c6aad58c90Exim sender_address parameter remote command execution exploit that spawns a connect-back shell.
9b7e5b2ab5d077019a9d4cd152be0e3cd435bd5a759bcb011ea9bf0a0ca131fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed