CVE-2018-20250 PoC — WinRar 路径遍历漏洞

Source

https://github.com/QAX-A-Team/CVE-2018-20250

Associated Vulnerability

Title:WinRar 路径遍历漏洞 (CVE-2018-20250)
Description:In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Description

010 Editor template for ACE archive format & CVE-2018-2025[0-3]

Readme

# CVE-2018-2025[0-3]

010 Editor template for ACE archive format &amp; CVE-2018-2025[0-3]

ace.bt        010 editor template  
acefile.py    open source ace extractor, used for write template  
watchme.gif   demo  
wace269i      WinAce installer  
  
免责声明： 项目所有资源仅供技术研究使用。

File Snapshot


 [4.0K]  /data/pocs/88c1a0d333d14de88b44b6cb32723f5f2c9d93c7
├── [5.7K]  ace.bt
├── [154K]  acefile.py
├── [ 315]  README.md
├── [3.9M]  wace269i.exe
└── [5.4M]  watchme.gif

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!