This exploit demonstrates an XML External Entity (XXE) injection vulnerability in WinRAR 5.80. By crafting a malicious HTML file with an embedded XML payload, an attacker can force WinRAR to read local files (e.g., C:\Windows\system.ini) and exfiltrate their contents via an external DTD hosted on a controlled server.
Classification
Working Poc 95%
Target:
WinRAR 5.80
No auth needed
Prerequisites:
Victim must open WinRAR's help system and drag the malicious HTML file into the help window · Attacker must host a malicious DTD file on a controlled server