Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ELIDESKEW #31

Open
tosepf opened this issue Apr 17, 2017 · 2 comments
Open

ELIDESKEW #31

tosepf opened this issue Apr 17, 2017 · 2 comments

Comments

@tosepf
Copy link

tosepf commented Apr 17, 2017
edited
Loading

Hi,

Can someone help me, where can i find elideskew.pl script which is used in ELIDESKEW ???

Thanks
@doomguy
Copy link

doomguy commented Apr 17, 2017
edited
Loading

@tosepf My bet is you won't find it, as the file was not released by TheShadowBrokers. However, as stated in the file you mentioned, the elideskew.pl is using a publicly known RCE vulnerability which was fixed in 1.4.8. The funny thing is: there is no RCE mentioned on http://squirrelmail.org/security/ - just an LFI, Maybe they were able to upgrade the LFI to RCE.

If you want this exploit, you need to reverse it yourself. Grab the source for 1.4.7 and 1.4.8, make a diff and try to understand the differences in the code and why they introduced them. From there you might be able to craft a working exploit.

@doomguy
Copy link

doomguy commented Apr 17, 2017

You could try to combine the information from those two sites to achieve your goal:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doomguy @tosepf