Metasploit modules that can be used to exploit Rarlab products
WinRAR CVE-2023-38831 Exploit
Disclosure Date: 2023-08-23
First seen: 2023-09-11
exploit/windows/fileformat/winrar_cve_2023_38831
This module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.
Authors:
- Alexander "xaitax" Hagenah
UnRAR Path Traversal in Zimbra (CVE-2022-30333)
Disclosure Date: 2022-06-28
First seen: 2022-12-23
exploit/linux/http/zimbra_unrar_cve_2022_30333
This module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on the following versions of Zimbra, provided UnRAR version 6.11 or earlier is installed:
* Zimbra Collaboration 9.0.0 Patch 24 (and earlier)
* Zimbra Collaboration 8.8.15 Patch 31 (and earlier)
Authors:
- Simon Scannell
- Ron Bowes
UnRAR Path Traversal (CVE-2022-30333)
Disclosure Date: 2022-06-28
First seen: 2022-12-23
exploit/linux/fileformat/unrar_cve_2022_30333
This module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRAR'ed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.
Authors:
- Simon Scannell
- Ron Bowes
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
Disclosure Date: 2019-02-05
First seen: 2020-04-26
exploit/windows/fileformat/winrar_ace
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.
Authors:
- Nadav Grossman
- Imran E. Dawoodjee <imrandawoodjee.infosec@gmail.com>
4 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details