Full Disclosure mailing list archives
Express Zip <= 2.40 Path Traversal
From: Rio Sherri <rio.sherri () fshnstudent info>
Date: Fri, 8 Apr 2016 00:17:42 +0200
#!/usr/bin/python -w # Title : Express Zip <= 2.40 Path Traversal # Date : 07/04/2016 # Author : R-73eN # Tested on : Windows Xp / Windows 7 Ultimate # Software Link : http://www.nchsoftware.com/zip/ # Download Link: http://www.nchsoftware.com/zip/zipplus.exe # Vulnerable Versions : Express Zip <= 2.40 # Express Zip doesn't validates " ..\ " which makes possible # to do a path traversal attack which can be converted easily to RCE # How to Reproduce: # 1- Run Exploit # 2- Right Click evil.zip go to Express Zip and click Extract Here # 3- File will be extracted to the root of the partition in this case C:\POC.txt # This quick and dirt code is written only for demonstration purposes. # If you wanna profit from it you must modify it. # Video: https://www.youtube.com/watch?v=kb43h8Hoo0o
Attachment:
exploit.py
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Express Zip <= 2.40 Path Traversal Rio Sherri (Apr 08)