Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upload a malicious symlink in a zip file #991

Open
ImanSharaf opened this issue Nov 10, 2022 · 2 comments
Open

Upload a malicious symlink in a zip file #991

ImanSharaf opened this issue Nov 10, 2022 · 2 comments
Labels
help wanted new New content to write

Comments

@ImanSharaf
Copy link

I was checking this HackerOne report with a $29000 bounty and I found it very interesting. This is different than Zip Slip. In case of Zip Slip we can inject .. in the file path so we can extract our file in a wrong place. In this report, the attacker crafts a malicious symlink to /etc/passwd when the backend extracts it untar_zxf function only changes the permissions and extract the symlink as is, so the attacker was able to read the passwd file!
I believe we need to add this technique to the WSTG!
@ImanSharaf ImanSharaf added help wanted new New content to write labels Nov 10, 2022
@ImanSharaf ImanSharaf changed the title Upload malicious symlink in a zip file Upload a malicious symlink in a zip file Nov 10, 2022
@ThunderSon
Copy link
Collaborator

Hi Iman! Thanks for flagging this for us.

I had a quick look at it, and still need more time around it to review it :)

@ImanSharaf
Copy link
Author

Hi @ThunderSon, is there any update?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted new New content to write
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ThunderSon @ImanSharaf