written by xqtr of another droid bbs ! andr01d.zapto.org:9999
have you heard of the zipslip vulnerability? no? read the following paragraph
from the company claiming to have found this vulnerability. note the date!
https://snyk.io/research/zip-slip-vulnerability
Zip Slip is a widespread arbitrary file overwrite critical vulnerability,
which typically results in remote command execution. It was discovered and
responsibly disclosed by the Snyk Security team ahead of a public disclosure
on 5th June 2018, and affects thousands of projects, including ones from HP,
Amazon, Apache, Pivotal and many more (CVEs and full list here). Of course,
this type of vulnerability has existed before, but recently it has manifested
itself in a much larger number of projects and libraries.
The vulnerability is exploited using a specially crafted archive that holds
directory traversal filenames e.g. ../../evil.sh. The Zip Slip vulnerability
can affect numerous archive formats, including tar, jar, war, cpio, apk, rar
and 7z.
so... it seems that this zipslip vuln. is a big thing and we must thank snyk
for saving us... :O but before thanking them... go grab issue 34 of phrack
magazine and read article 5, technique 3
http://phrack.org/issues/34/5.html#article
do you see any resemblance? actually it's the same thing! an attack that
dates from 1991 and was meant to hurt wwiv boards is still open/active and
can be used to attack modern systems like iphones, java apps and more! the
tragic thing is that the above company thinks that they found it
first... hahahahaa
the attack is very simple and you only need a zip archive and a hex
editor. i tried it on a mystic bbs of mine, but thankfully it didn't work. if
you want to try it yourself, follow the guide at phrack mag. if you read
the tutorials about hex editing, from null magazine, you should be able to
do it
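the check an extractor needs in order to refuse names like ../../evil.sh from the quoted advisory, as an added python example (not code from this article, phrack or snyk). the function names and the sample archive are made up for the illustration.

```python
import io
import os
import zipfile


def unsafe_members(zf, dest):
    """Names of entries that would be written outside dest by a naive extractor."""
    root = os.path.realpath(dest)
    bad = []
    for info in zf.infolist():
        # Backslash is a path separator on DOS/Windows, so treat it as one
        # everywhere (conservative: may flag odd but harmless names on unix).
        name = info.filename.replace("\\", "/")
        # join() lets an absolute name replace root; realpath() folds ".."
        target = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, target]) != root:
            bad.append(info.filename)
    return bad


def safe_extract(zf, dest):
    """Reject the whole archive if any entry escapes dest, else extract it."""
    bad = unsafe_members(zf, dest)
    if bad:
        raise ValueError(f"traversal entries, archive refused: {bad}")
    zf.extractall(dest)


def build_sample():
    """Constructed sample: one normal entry plus two escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("../../evil.sh", "echo constructed sample\n")
        zf.writestr("/tmp/abs.txt", "constructed sample\n")
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extract(build_sample(), dest)
        except ValueError as err:
            print(err)
```

the whole archive is refused instead of skipping the bad entries, so a bbs upload processor or unpacker built this way never writes part of a hostile archive to disk.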
if you don't learn history, then history has a funny way of repeating itself.
do you agree?