CVE-2023-38831 PoC — WinRAR 安全漏洞

来源

关联漏洞

Description

lazy way to create CVE-2023-38831 winrar file for testing

介绍

# winrar_CVE-2023-38831_lazy_poc
lazy way to create CVE-2023-38831 winrar file for testing

Article that mentioned this vuln and the sample: https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/

version of winrar i was using is winrar 5.91.0

I took a malicious winrar file (049af32f678da5e344315ce46787e8fc https://gist.github.com/BoredHackerBlog/83cd5ca743189bf72b28ebaabe3c3df0) and removed all the included files besides the folder and main readme file

I created a new file with my command and added it to the ReadMe.txt folder and renamed the file to 'ReadMe.txt .cmd.'

<img width="1059" alt="image" src="https://user-images.githubusercontent.com/38662926/263032549-9278c687-8e5c-4418-a4e8-f98ab4c2410a.png">

<img width="790" alt="image" src="https://user-images.githubusercontent.com/38662926/263032670-b5c4e640-ab4e-4a0f-a857-ac70e41aff67.png">

<img width="967" alt="image" src="https://user-images.githubusercontent.com/38662926/263032761-3e4fa265-2782-4664-b61b-c4d6df5eb35b.png">

'ReadMe.txt .cmd' works too, so does .bat, feel free to experiment

test.rar in this repo can be used for testing. It does not have the command file included. You'll have to add that on your own.

fyi: ideally, you don't want to use modified malicious files for testing. play with this in a sandbox or a VM...

文件快照

 [4.0K]  /data/pocs/6c234f8fc592e0db1cac042e7e16c2386de7c444
├── [1.3K]  README.md
└── [ 433]  test.rar

0 directories, 2 files

备注