Winrar 5.80 xml external entity injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-10-21 |
Type : local |
Platform : xml
This exploit / vulnerability Winrar 5.80 xml external entity injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: winrar 5.80 - XML External Entity Injection
# Exploit Author: hyp3rlinx
# Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe
# Version: 5.80
# Tested on: Microsoft Windows Version 10.0.18362.418 64bit
# POC
1- python -m SimpleHTTPServer (listens Port 8000)
2- open winrar or any file.rar
3- help
4- help topics
5- Drag the exploit to the window