Mirrors/PayloadsAllTheThings
6
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-07-05 18:01:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7e4a38a1a5
PayloadsAllTheThings/Upload Insecure Files/Zip Slip/README.md
Markus 950114b9e6
Zip Slip: Add slipit to tools
2022-10-03 18:19:28 +02:00

38 lines
1.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Zip Slip
> The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../shell.php). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victims machine.
## Summary
* [Detection](#detection)
* [Tools](#tools)
* [Exploits](#exploits)
* [Basic Exploit](#basic-exploit)
* [Additional Notes](#additional-notes)
## Detection
- Any zip upload page on the application
## Tools
- [evilarc](https://github.com/ptoomey3/evilarc)
- [slipit](https://github.com/usdAG/slipit)
## Exploits
### Basic Exploit
Using evilarc:
```python
python evilarc.py shell.php -o unix -f shell.zip -p var/www/html/ -d 15
```
### Additional Notes
- For affected libraries and projects, visit https://github.com/snyk/zip-slip-vulnerability
## References
- [Zip Slip Vulnerability - Snyk Ltd, 2019](https://snyk.io/research/zip-slip-vulnerability)
- [Zip Slip - snyk, 2019](https://github.com/snyk/zip-slip-vulnerability)
Reference in New Issue View Git Blame Copy Permalink