POC详情: a62cb22fef3cedd2b5039dcb774f5ff1ff041852

来源
https://github.com/z3r0sw0rd/CVE-2023-38831-PoC
关联漏洞
标题: WinRAR 安全漏洞 (CVE-2023-38831)
描述:WinRAR是一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 RARLabs WinRAR 6.23之前版本存在安全漏洞。攻击者利用该漏洞可以执行任意代码。
描述
Proof-of-Concept for CVE-2023-38831 Zero-Day vulnerability in WinRAR
介绍
# CVE-2023-38831 PoC

This repository is just a Proof-of-Concept for **CVE-2023-38831**  Zero-Day vulnerability in WinRAR

> RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023

 

## How to use

```bash
Usage: 
- poc.py [-h] scriptPath benignPath zipDirectory fname

CVE-2023-38831 Zero-Day Vulnerability in WinRAR - PoC

positional arguments:
  scriptPath    The Filepath of the Malicious script/batch which will be executed
  benignPath    The Filepath of the Benign file (recommended in '.jpg', '.png' and '.pdf')
  zipDirectory  The Name of the Directory which will be Created and Zipped
  fname         The Names of the Folder and File in the Zip (including the file extension)

options:
  -h, --help    show this help message and exit
```

 

## Proof-of-Concept (PoC)
1. Download and Install vulnerable version (i.e. **WinRAR < 6.23**) from [https://www.win-rar.com/download.html](https://www.win-rar.com/download.html) (There is an **.exe** file of **WinRAR 6.02** in this [folder](./WinRAR))
2. Prepare the **benign/bait file** (e.g. sample.png) and **malicious script** (e.g. script.bat)
3. Run  ```python3 poc.py script.bat sample.PNG PoC sample.png``` to generate the exploit in **.zip**
4. **Open** the Zip file using the vulnerable version of WinRAR installed
5. Double Click the **Benign file** (i.e. sample.png) as shown in the demo

&nbsp;

## Demo

![demo](./images/demo.png)

&nbsp;

## Reference

[https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/](https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/)

[https://github.com/b1tg/CVE-2023-38831-winrar-exploit](https://github.com/b1tg/CVE-2023-38831-winrar-exploit)
文件快照

 [4.0K]  /data/pocs/a62cb22fef3cedd2b5039dcb774f5ff1ff041852
├── [4.0K]  images
│   └── [113K]  demo.png
├── [1.0K]  LICENSE
├── [3.9K]  poc.py
├── [ 10K]  poc.zip
├── [2.1K]  README.md
├── [ 10K]  sample.PNG
├── [   8]  script.bat
└── [4.0K]  WinRAR
    └── [3.2M]  winrar-x64-602.exe

2 directories, 8 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。