Critical .zip vulnerabilities? - Zip Slip and ZipperDown
What is going on with .zip files. What is this new critical vulnerability that seems to affect everything? ... old is new again.
Resources:
- ZipperDown: https://zipperdown.org/
- Zip Slip: https://snyk.io/research/zip-slip-vul...
- Zip Specification: https://pkware.cachefly.net/webdocs/c...
- The Complete Guide to Hacking WWIV: http://phrack.org/issues/34/5.html#ar...
- Go library Fix Bypass: https://github.com/mholt/archiver/pul...
Gynvael:
- Hacking Livestream #53: The ZIP file format https://www.youtube.com/watch?v=X7j2s...
- Ten thousand security pitfalls: the ZIP file format http://gynvael.coldwind.pl/?id=682
- GynvaelEN Channel: https://www.youtube.com/GynvaelEN
- Twitter: https://twitter.com/gynvael
Ange Albertini / Corkami
- Funky Fileformats Talk: https://www.youtube.com/watch?v=hdCs6...
- Funky Fileformats Slides: https://events.ccc.de/congress/2014/F...
- Twitter: https://twitter.com/angealbertini / https://twitter.com/corkami
--------------------------------------
Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/
Reviewed by Anonymous
on
June 10, 2018
Rating:
