module

SquirrelMail PGP Plugin Command Execution (SMTP)

Disclosed	Created
Jul 9, 2007	May 30, 2018

Disclosed

Jul 9, 2007

Created

May 30, 2018

Description

This module exploits a command execution vulnerability in the
PGP plugin of SquirrelMail. This flaw was found while quickly
grepping the code after release of some information at
http://www.wslabi.com/. Later, iDefense published an advisory ....

Reading an email in SquirrelMail with the PGP plugin activated
is enough to compromise the underlying server.

Only "cmd/unix/generic" payloads were tested.

Author

Nicob [email protected]

Platform

Unix

Architectures

cmd

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/unix/webapp/squirrelmail_pgp_plugin
    msf exploit(squirrelmail_pgp_plugin) > show targets
        ...targets...
    msf exploit(squirrelmail_pgp_plugin) > set TARGET < target-id >
    msf exploit(squirrelmail_pgp_plugin) > show options
        ...show and set options...
    msf exploit(squirrelmail_pgp_plugin) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today