Create tar/zip archives that can exploit directory traversal vulnerabilities

Posted by deepquest on January 26, 2017 – 2:03 pm

evilarc lets you create a zip file that contains files with directory traversal characters in their embedded path.

Most commercial zip program (winzip, etc) will prevent extraction of zip files whose embedded files contain paths with directory traversal characters. However, many software development libraries do not include these same protection mechanisms (ex. Java, PHP, etc). If a program and/or library does not prevent directory traversal characters then evilarc can be used to generate zip files that, once extracted, will place a file at an arbitrary location on the target system.

evilarc

This post is under “tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Osint tool get info about peoples WD My Cloud Mirror 2.11.153 Remote Command Execution / Authentication Bypass »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Create tar/zip archives that can exploit directory traversal vulnerabilities

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL