CVE-2025-8088 PoC — WinRAR Security Vulnerability

Associated Vulnerability
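Title: WinRAR Security Vulnerability (CVE-2025-8088)
Description: WinRAR is a file archiver from the WinRAR company. The product supports compressing and decompressing files in RAR, ZIP and other formats. WinRAR contains a security vulnerability that stems from a path traversal issue and may lead to arbitrary code execution.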
Readme
# CVE-2025-8088 PoC (Educational Use Only)

Details about this CVE can be found at: https://nvd.nist.gov/vuln/detail/CVE-2025-8088

> ⚠️ **Warning:** This repository contains a proof-of-concept (PoC) for CVE-2025-8088.  
> It is intended **for educational purposes, research, and lab environments only**.  
> Do **not** use this code on systems you do not own or have explicit permission to test.

---

## Overview

This project demonstrates how an Alternate Data Stream (ADS) payload can be embedded into a WinRAR archive.  
It is designed to teach how certain Windows applications handle file streams and archive processing, specifically for **research and lab testing**.

**Key Points:**

- Works with **RAR5 format**.
- Supports **multiple decoy files** with **one payload**.
- Recomputes all RAR header CRCs to ensure the archive is valid.
- The payload is delivered via an **ADS attached to the first decoy file**.

---

## Disclaimer

This PoC is **not intended for malicious use**. Misuse can be illegal and unethical.  
Always run in a controlled lab environment or virtual machine.

---

## Prerequisites

- Windows Environment.
- [WinRAR](https://www.win-rar.com/download.html) installed.
- Python 3.10+

---

## Installation

Clone this repository:
```
git clone https://github.com/walidpyh/CVE-2025-8088.git
cd CVE-2025-8088
```

---

## Usage

```
python main.py <payload_file> <output_rar> [--decoy <decoy_file1> <decoy_file2> ...]
```

**Examples:**

1. Using the default decoy:

`python main.py Updaters.exe Archive.rar`

2. Using custom decoy files:

`python main.py Updaters.exe Archive.rar --decoy README.md doc.txt`

**Explanation:**

- `<payload_file>`: The file you want to deliver via ADS.
- `<output_rar>`: The name of the generated RAR archive.
- `--decoy`: Optional list of decoy files; only the first file carries the payload via ADS.

---

## How It Works

1. Creates one or more decoy files.
2. Attaches the payload to the first decoy using **Alternate Data Streams (ADS)**.
3. Builds a base RAR archive including all decoys.
4. Patches the RAR headers to replace a placeholder with the target traversal path.
5. Recomputes CRCs so the archive remains valid.
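
A defensive check for the pattern in steps 2 and 4, added here as an example and not part of the original repository: it flags ADS stream names that carry path components or resolve outside the extraction folder. It assumes the `(entry, stream)` pairs were already listed by a separate archive parser; the function names, the sample data and the resolution model are hypothetical and do not reproduce WinRAR's own logic.

```python
import ntpath

def stream_findings(stream_name: str) -> list[str]:
    """Reasons a stored ADS name is not a plain single-component stream name."""
    name = stream_name.lstrip(":")
    if name.upper().endswith(":$DATA"):      # optional stream-type suffix
        name = name[: -len(":$DATA")]
    parts = name.replace("/", "\\").split("\\")
    findings = []
    if len(parts) > 1:
        findings.append("path separator in stream name")
    if any(p.strip() == ".." for p in parts):
        findings.append("parent-directory component")
    if name.startswith(("\\", "/")) or ntpath.splitdrive(name)[0]:
        findings.append("rooted or drive-qualified name")
    return findings

def escapes_root(root: str, entry: str, stream_name: str) -> bool:
    """Conservative model (assumption): treat the stream name as a path
    relative to the entry's folder and see whether it leaves root."""
    base = ntpath.normpath(root)
    name = stream_name.lstrip(":").replace("/", "\\")
    target = ntpath.normpath(ntpath.join(base, ntpath.dirname(entry), name))
    try:
        return ntpath.commonpath([base, target]).lower() != base.lower()
    except ValueError:                       # different drive or UNC share
        return True

def audit(root: str, streams: list[tuple[str, str]]) -> list[tuple]:
    """Return (entry, stream, reasons) for every stream that should be blocked."""
    report = []
    for entry, stream in streams:
        reasons = stream_findings(stream)
        if escapes_root(root, entry, stream):
            reasons.append("resolves outside extraction root")
        if reasons:
            report.append((entry, stream, reasons))
    return report

# Constructed sample: (entry name, stream name) pairs as a parser might report them.
SAMPLE = [
    ("decoy.txt", ":Zone.Identifier"),
    ("decoy.txt", ":..\\..\\placeholder_dir\\payload.bin"),
    ("doc.txt", ":notes:$DATA"),
    ("doc.txt", ":sub\\inner.bin"),
]

if __name__ == "__main__":
    for entry, stream, reasons in audit("C:\\lab\\extract", SAMPLE):
        print(f"{entry}{stream}: {', '.join(reasons)}")
```

The check uses `ntpath`, so Windows path rules apply even when the scan runs on a non-Windows analysis host.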

File Snapshot

```
[4.0K] /data/pocs/766427555a1ee5978e65f70121d39574dc543a96
├── [8.7K] main.py
└── [2.1K] README.md

0 directories, 2 files
```