CVE-2022-24934 PoC — Kingsoft WPS 代码注入漏洞

Source

https://github.com/MagicPiperSec/WPS-CVE-2022-24934

Associated Vulnerability

Title:Kingsoft WPS 代码注入漏洞 (CVE-2022-24934)
Description:Kingsoft WPS是中国金山软件（Kingsoft）公司的一种办公软件。提供文件处理功能。 Kingsoft WPS Office的wpsupdater.exe 11.2.0.10382版本及之前版本存在安全漏洞，该漏洞源于wpsupdater.exe允许通过修改注册表中的HKEY_CURRENT_USER来远程执行代码。

Readme

## Warning 

THIS PROGRAM USE GENERIC WHICH IS INTRODUCED IN GO 1.18, UPGRADE YOUR COMPILER!

# CVE-2022-24934

Web Server for exploiting this vuln by utilizing wpsupdate.exe

Fake WPS Update Server PoC

Research Purpose Only.

## Download file

Set the file you want to send to client as environment variable: `HACK_WPS_FILENAME`

This malicious file should be "SigThief-ed" using Kingsoft original signed executable.

HTTP server will run on 80. Then run the program.

Since the malicious file checksum is requested by the client, you SHOULD restart server if you have changed the file.

# Build



## License

We will not take any responsibility for illegal usage.

You are not allowed for any illegal purpose.

GNU AGPL v3.0

## Additional note

This program contains `EICAR` virus testing signature, it is used to make sure nobody could use it to utilize directly.

File Snapshot


 [4.0K]  /data/pocs/feacd19d22d5da7a6290d714baa7232cc77891c3
├── [ 34K]  LICENSE
├── [ 13K]  packedSRC.7z
└── [ 870]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!