CVE-2023-38831 PoC — WinRAR Security Vulnerability

Associated Vulnerability
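Title: WinRAR Security Vulnerability (CVE-2023-38831)
Description: WinRAR is a file archiver. It supports compressing and decompressing files in formats such as RAR and ZIP. RARLabs WinRAR versions prior to 6.23 contain a security vulnerability. Attackers can exploit this vulnerability to execute arbitrary code.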
Description
SideCopy APT Group exploits CVE-2023-38831
Readme
# SideCopy Exploits CVE-2023-38831

CVE-2023-38831 is a remote code execution (RCE) vulnerability that affects WinRAR versions prior to 6.23. The malicious archive contains both a benign file and a folder with the same name as that file. Typically, the folder contains malware that is executed when the victim attempts to open the seemingly harmless file.

In this example RAR file, the PDF file is benign, and the folder of the same name contains an executable file carrying malware.

If the victim is using a WinRAR version prior to 6.23 and attempts to open the seemingly harmless PDF document, the malware will be executed.
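
A defensive check for the archive layout described above, as an added example that is not part of the original README: it lists a ZIP archive's entries and reports any path that appears both as a file and as a folder. The function names, the Windows-style name comparison and the in-memory sample archives (placeholder content only) are assumptions of this example, and it reads ZIP rather than RAR because Python's standard library has no RAR reader.

```python
import io
import zipfile


def _norm(part):
    # Assumption of this example: compare names as Windows does
    # (case-insensitive, trailing spaces and dots ignored).
    return part.rstrip(" .").lower()


def find_collisions(entry_names):
    """Return sorted paths that appear both as a file and as a folder."""
    files, folders = set(), set()
    for raw in entry_names:
        name = raw.replace("\\", "/")
        parts = [_norm(p) for p in name.split("/") if p]
        if not parts:
            continue
        # Every proper prefix of an entry path is a folder.
        for i in range(1, len(parts)):
            folders.add("/".join(parts[:i]))
        (folders if name.endswith("/") else files).add("/".join(parts))
    return sorted(files & folders)


def scan_zip(data):
    """List the entries of a ZIP held in memory and check them."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_collisions(zf.namelist())


def build_zip(entries):
    """Build an in-memory ZIP from (name, content) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: placeholder text only, nothing executable.
SUSPICIOUS = build_zip([("report.pdf", b"placeholder document"),
                        ("report.pdf/", b""),
                        ("report.pdf/helper.txt", b"placeholder")])
CLEAN = build_zip([("report.pdf", b"placeholder document"),
                   ("docs/readme.txt", b"placeholder")])

if __name__ == "__main__":
    print("suspicious:", scan_zip(SUSPICIOUS))  # ['report.pdf']
    print("clean:", scan_zip(CLEAN))            # []
```

A non-empty result is a reason to quarantine the archive for analysis; an empty result says only that this one layout is absent.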

## PoC Video:
[![SideCopy APT Exploits CVE-2023 38831 (Proof-of-Concept Video)](https://img.youtube.com/vi/nioUjywlg5c/0.jpg)](https://www.youtube.com/watch?v=nioUjywlg5c)
File Snapshot

[4.0K] /data/pocs/61ffdad0869bf8d57040e3c2163ca37e925cd292
└── [ 869] README.md

0 directories, 1 file