Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-30333 PoC — UnRAR 路径遍历漏洞

Source
https://github.com/paradox0909/cve-2022-30333_online_rar_extracor
Associated Vulnerability
Title:UnRAR 路径遍历漏洞 (CVE-2022-30333)
Description:UnRAR是一个可解压rar后缀文件的命令。 UnRAR 6.12 之前版本存在安全漏洞,该漏洞源于允许在提取(也称为解包)操作期间目录遍历写入文件,如创建 ~/.ssh/authorized_keys 文件所示。
File Snapshot

 [4.0K]  /data/pocs/711036651ff72ac4befafbd5946d46a629a97cd7
└── [4.0K]  501496cd-bc48-4cdf-a628-b6ee60d29be3
    ├── [ 374]  Dockerfile
    ├── [  64]  flag.c
    ├── [  65]  run-lamp.sh
    ├── [ 124]  shell.rar
    ├── [4.0K]  src
    │   ├── [4.0K]  bin
    │   │   └── [4.0K]  rar
    │   │       ├── [6.6K]  license.txt
    │   │       ├── [624K]  rar
    │   │       ├── [105K]  rar.txt
    │   │       └── [347K]  unrar
    │   ├── [2.2K]  extract.php
    │   ├── [ 952]  index.php
    │   └── [4.0K]  static
    │       └── [202K]  bulma.min.css
    ├── [  36]  <svg onload=alert(document.domain)>.php
    └── [4.0K]  unrar-cve-2022-30333-poc
        ├── [1.5K]  cve-2022-30333.rb
        ├── [4.2K]  file.rar
        ├── [ 932]  README.md
        └── [  36]  shell.php

6 directories, 16 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.