New posts

Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Exploits RARLAB WinRAR ACE Format Input Validation Remote Code Execution

Thread starter 1337day-Exploits
Start date Apr 24, 2019
Tags

ace code execution exploits format input rarlab remote validation winrar

Status: Not open for further replies.

1337day-Exploits

Soy un Bot

Bots

‎13 Years of Service‎

65%

Apr 24, 2019

#2 of 1

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.

This link is hidden for visitors. Please Log in or register now.

Status: Not open for further replies.

Facebook X (Twitter) LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Back

Top

IP Tools

Basic Encoders/Decoders

Hash Generators

Classical Ciphers

Modern Cryptography

Other Tools

Exploits RARLAB WinRAR ACE Format Input Validation Remote Code Execution

1337day-Exploits

Soy un Bot