added more tests for SwiftMailer vulnerability CVE-2016-10074

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
Deele · Dec 28, 2016 · 96ee5c3 · 96ee5c3
1 parent 6af2a43
commit 96ee5c3
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/tests/framework/validators/EmailValidatorTest.php b/tests/framework/validators/EmailValidatorTest.php
@@ -128,15 +128,34 @@ public function testValidateAttribute()
     public function malformedAddressesProvider()
     {
         return [
+            // this is the demo email used in the proof of concept of the exploit
+            ['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
+            // trying more adresses
             ['"Attacker -Param2 -Param3"@test.com'],
             ['\'Attacker -Param2 -Param3\'@test.com'],
             ['"Attacker \" -Param2 -Param3"@test.com'],
             ["'Attacker \\' -Param2 -Param3'@test.com"],
-            ['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com']
+            ['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
+            // and even more variants
+            ['"attacker\"\ -oQ/tmp/\ -X/var/www/cache/phpcode.php"@email.com'],
+            ["\"attacker\\\"\0-oQ/tmp/\0-X/var/www/cache/phpcode.php\"@email.com"],
+            ['"[email protected]\"-Xbeep"@email.com'],
+
+            ["'attacker\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
+            ["'attacker\\\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
+            ["'attacker\\\\'\\ -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
+            ["'attacker\\';touch /tmp/hackme'@email.com"],
+            ["'attacker\\\\';touch /tmp/hackme'@email.com"],
+            ["'attacker\\';touch/tmp/hackme'@email.com"],
+            ["'attacker\\\\';touch/tmp/hackme'@email.com"],
+            ['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
         ];
     }
 
     /**
+     * Test malicious email addresses that can be used to exploit SwiftMailer vulnerability CVE-2016-10074
+     * https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
+     *
      * @dataProvider malformedAddressesProvider
      */
     public function testMalformedAddresses($value)