Skip to content

Proof-of-Concept for CVE-2023-38831 Zero-Day vulnerability in WinRAR

License

Notifications You must be signed in to change notification settings

z3r0sw0rd/CVE-2023-38831-PoC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2023-38831 PoC

This repository is just a Proof-of-Concept for CVE-2023-38831 Zero-Day vulnerability in WinRAR

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023

 

How to use

Usage: 
- poc.py [-h] scriptPath benignPath zipDirectory fname

CVE-2023-38831 Zero-Day Vulnerability in WinRAR - PoC

positional arguments:
  scriptPath    The Filepath of the Malicious script/batch which will be executed
  benignPath    The Filepath of the Benign file (recommended in '.jpg', '.png' and '.pdf')
  zipDirectory  The Name of the Directory which will be Created and Zipped
  fname         The Names of the Folder and File in the Zip (including the file extension)

options:
  -h, --help    show this help message and exit

 

Proof-of-Concept (PoC)

  1. Download and Install vulnerable version (i.e. WinRAR < 6.23) from https://www.win-rar.com/download.html (There is an .exe file of WinRAR 6.02 in this folder)
  2. Prepare the benign/bait file (e.g. sample.png) and malicious script (e.g. script.bat)
  3. Run python3 poc.py script.bat sample.PNG PoC sample.png to generate the exploit in .zip
  4. Open the Zip file using the vulnerable version of WinRAR installed
  5. Double Click the Benign file (i.e. sample.png) as shown in the demo

 

Demo

demo

 

Reference

https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/

https://github.com/b1tg/CVE-2023-38831-winrar-exploit

About

Proof-of-Concept for CVE-2023-38831 Zero-Day vulnerability in WinRAR

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published