来源

关联漏洞

描述

Proof-of-Concept (POC) of CVE-2023-38831 Zero-Day vulnerability in WinRAR

介绍

# CVE-2023-38831 (WinRAR) 
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

## How to use
Usage:
```
- poc.py [-h] scriptPath benignPath zipDirectory fname
```


Positional Arguments:
```
scriptPath    The Filepath of the Malicious script/batch which will be executed
benignPath    The Filepath of the Benign file (recommended in '.jpg', '.png' and '.pdf')
zipDirectory  The Name of the Directory which will be Created and Zipped
fname         The Names of the Folder and File in the Zip (including the file extension)
```

Options:
```
-h, --help    show this help message and exit
```

## Proof-of-Concept (PoC)
1. Download and Install vulnerable version (i.e. WinRAR < 6.23) from https://www.win-rar.com/download.html (There is an .exe file of WinRAR 6.02 in this folder)
2. Prepare the `benign/bait file (e.g. sample.png)` and `malicious script (e.g. script.bat)`
3. Run `python3 poc.py script.bat sample.PNG PoC sample.png` to generate the exploit in .zip
4. Open the Zip file using the vulnerable version of WinRAR installed.
5. Double Click the `Benign file (i.e. sample.png)` as shown in the demo.

## Demo

![demo](https://github.com/malvika-thakur/CVE-2023-38831-WinRAR-POC-/assets/60217652/9aaa6ff0-fef7-47ed-90f4-173a0dfb4316)

文件快照

 [4.0K]  /data/pocs/8a494156d5b59487192af5304eef7b26a8099ce3
├── [113K]  demo.png
├── [3.9K]  poc.py
├── [ 10K]  poc.zip
├── [1.6K]  README.md
├── [ 10K]  sample.PNG
├── [   8]  script.bat
└── [4.0K]  WinRAR
    └── [3.2M]  winrar-x64-602.exe

1 directory, 7 files

备注