Full Disclosure mailing list archives

Express Zip <= 2.40 Path Traversal

From: Rio Sherri <rio.sherri () fshnstudent info>
Date: Fri, 8 Apr 2016 00:17:42 +0200

#!/usr/bin/python -w
# Title : Express Zip <= 2.40 Path Traversal
# Date : 07/04/2016
# Author : R-73eN
# Tested on : Windows Xp / Windows 7 Ultimate
# Software Link : http://www.nchsoftware.com/zip/
# Download Link: http://www.nchsoftware.com/zip/zipplus.exe
# Vulnerable Versions : Express Zip <= 2.40
# Express Zip doesn't validates " ..\ " which makes possible
# to do a path traversal attack which can be converted easily to RCE
# How to Reproduce:
# 1- Run Exploit
# 2- Right Click evil.zip go to Express Zip and click Extract Here
# 3- File will be extracted to the root of the partition in this case
C:\POC.txt
# This quick and dirt code is written only for demonstration purposes.
# If you wanna profit from it you must modify it.
# Video: https://www.youtube.com/watch?v=kb43h8Hoo0o

Attachment: exploit.py
Description:


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Express Zip <= 2.40 Path Traversal Rio Sherri (Apr 08)