WinRAR XSS
A few days ago I found a Cross-site Scripting Vulnerability on WinRAR, now I want to share how I found the vulnerability.
What is WinRAR?
WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. (Source: en.wikipedia.org)Okay, let's start
When I open the WinRAR, there is a window that seems to make an HTTP request to a web page.
Now I immediately open BurpSuite to capture HTTP requests made by WinRAR,
The window makes an HTTP request to the URL:
https://notifier.win-rar.com/?language=English&source=wrr&landingpage=first&version=600&architecture=64I try to use my private XSS Scanner to find XSS vulnerabilities in the URL above,
Then, I tried XSS Payloads via Burp Suite,
XSS fire up in the WinRAR Window,
Video PoC:
#HappyHacking Related Post: