Introduction
# CVE-2025-8088 PoC (Educational Use Only)
Details about this CVE can be found at: https://nvd.nist.gov/vuln/detail/CVE-2025-8088
> ⚠️ **Warning:** This repository contains a proof-of-concept (PoC) for CVE-2025-8088.
> It is intended **for educational purposes, research, and lab environments only**.
> Do **not** use this code on systems you do not own or have explicit permission to test.
---
## Overview
This project demonstrates how an Alternate Data Stream (ADS) payload can be embedded into a WinRAR archive.
It is designed to teach how certain Windows applications handle file streams and archive processing, specifically for **research and lab testing**.
**Key Points:**
- Works with **RAR5 format**.
- Supports **multiple decoy files** with **one payload**.
- Recomputes all RAR header CRCs to ensure the archive is valid.
- The payload is delivered via an **ADS attached to the first decoy file**.
---
## Disclaimer
This PoC is **not intended for malicious use**. Misuse can be illegal and unethical.
Always run in a controlled lab environment or virtual machine.
---
## Prerequisites
- Windows Environment.
- [WinRAR](https://www.win-rar.com/download.html) installed.
- Python 3.10+
---
## Installation
Clone this repository:
```
git clone https://github.com/walidpyh/CVE-2025-8088.git
cd CVE-2025-8088
```
---
## Usage
```
python main.py <payload_file> <output_rar> [--decoy <decoy_file1> <decoy_file2> ...]
```
**Examples:**
1. Using the default decoy:
`python main.py Updaters.exe Archive.rar`
2. Using custom decoy files:
`python main.py Updaters.exe Archive.rar --decoy README.md doc.txt`
**Explanation:**
- `<payload_file>`: The file you want to deliver via ADS.
- `<output_rar>`: The name of the generated RAR archive.
- `--decoy`: Optional list of decoy files; only the first file carries the payload via ADS.
---
## How It Works
1. Creates one or more decoy files.
2. Attaches the payload to the first decoy using **Alternate Data Streams (ADS)**.
3. Builds a base RAR archive including all decoys.
4. Patches the RAR headers to replace a placeholder with the target traversal path.
5. Recomputes CRCs so the archive remains valid.
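
A defender-side check for the header patching described in steps 4 and 5, as an added example that is not part of this repository: it walks RAR5 block headers, verifies each header CRC, and flags file or service headers that contain `..\` or `../`. The function names, the `make_block` helper and the sample bytes are constructed for illustration, and the byte-pattern match is a heuristic that can produce false positives.

```python
import struct
import zlib

RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
HEAD_FILE, HEAD_SERVICE = 2, 3            # RAR5 header types
TRAVERSAL = (b"..\\", b"../")             # heuristic byte patterns

def read_vint(buf, pos):
    """Decode a RAR5 vint: 7 data bits per byte, low bits first."""
    value = shift = 0
    while True:
        byte = buf[pos] if pos < len(buf) else 0   # truncated input ends the vint
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def scan_rar5(data):
    """Return (offset, header_type, reason) for each suspicious header."""
    start = data.find(RAR5_SIG)               # find() also copes with an SFX stub
    if start < 0:
        raise ValueError("no RAR5 signature found")
    pos, findings = start + len(RAR5_SIG), []
    while pos + 7 <= len(data):               # smallest block is 7 bytes
        (crc,) = struct.unpack_from("<I", data, pos)
        size, body = read_vint(data, pos + 4)
        end = body + size
        # The header CRC covers the size field through the end of the header.
        if size < 2 or end > len(data) or zlib.crc32(data[pos + 4:end]) != crc:
            findings.append((pos, None, "malformed header or CRC mismatch"))
            break
        htype, p = read_vint(data, body)
        flags, p = read_vint(data, p)
        if flags & 0x01:                      # extra area size present
            _, p = read_vint(data, p)
        data_size = read_vint(data, p)[0] if flags & 0x02 else 0
        header = data[body:end]
        if htype in (HEAD_FILE, HEAD_SERVICE) and any(t in header for t in TRAVERSAL):
            findings.append((pos, htype, "path traversal sequence in header"))
        pos = end + data_size                 # skip the packed data area
    return findings

def make_block(htype, payload=b""):
    """Constructed test input: header with no extra/data area and a valid CRC."""
    sized = bytes([len(payload) + 2, htype, 0]) + payload   # one-byte vint size
    return struct.pack("<I", zlib.crc32(sized)) + sized

# Constructed samples (not real archives): a clean file entry and a stream record.
CLEAN = RAR5_SIG + make_block(1) + make_block(2, b"readme.txt") + make_block(5)
FLAGGED = RAR5_SIG + make_block(1) + make_block(3, b"STM:..\\..\\placeholder") + make_block(5)
```

Because the PoC recomputes header CRCs, a CRC check alone will not flag such an archive; the traversal match on the header bytes is the signal.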
File snapshot
[4.0K] /data/pocs/766427555a1ee5978e65f70121d39574dc543a96
├── [8.7K] main.py
└── [2.1K] README.md
0 directories, 2 files