PEAR Archive_Tar Arbitrary File Write

Posted by deepcore on January 26, 2021 – 8:30 am

This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Backdoor.Win32.DarkKomet.bhfh Insecure Permissions Backdoor.Win32.Wollf.16 Hardcoded Password »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

PEAR Archive_Tar Arbitrary File Write

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL