WinRAR XSS

WinRAR XSS

WinRAR XSS Bahasa Indonesia | English | Boso Jowo | Basa Sunda |

A few days ago I found a Cross-site Scripting Vulnerability on WinRAR, now I want to share how I found the vulnerability.

What is WinRAR?

WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. (Source: en.wikipedia.org)

Okay, let's start
When I open the WinRAR, there is a window that seems to make an HTTP request to a web page.


Now I immediately open BurpSuite to capture HTTP requests made by WinRAR,


The window makes an HTTP request to the URL:
https://notifier.win-rar.com/?language=English&source=wrr&landingpage=first&version=600&architecture=64


I try to use my private XSS Scanner to find XSS vulnerabilities in the URL above,


Then, I tried XSS Payloads via Burp Suite,


XSS fire up in the WinRAR Window,


Video PoC:


#HappyHacking

Related Post: