ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-18 17:28:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #119 from Hi15358/master

Browse Source 
Updated Insecure Deserialization/Java.md and Created Zip Slip in Upload Insecure Files
This commit is contained in:
Swissky 2019-10-30 09:05:22 +01:00 committed by GitHub
commit 952b3c0369
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Insecure Deserialization/Java.md
View File

@ -63,10 +63,12 @@ JRE8u20_RCE_Gadget
JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool, [https://github.com/joaomatosf/jexboss](https://github.com/joaomatosf/jexboss)
ysoserial-modified [https://github.com/pimps/ysoserial-modified](https://github.com/pimps/ysoserial-modified)
## References
- [Github - ysoserial](https://github.com/frohoff/ysoserial)
- [Java-Deserialization-Cheat-Sheet - GrrrDog](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md)
- [Understanding & practicing java deserialization exploits](https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/)
- [How i found a 1500$ worth Deserialization vulnerability - @D0rkerDevil](https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
- [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)
- [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)

35
Upload Insecure Files/Zip Slip/README.md Normal file
View File

@ -0,0 +1,35 @@
# Zip Slip
> The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../shell.php). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victims machine.
## Summary
- [Detection](#detection)
- [Tools](#tools)
* [Exploits](#exploits)
* [Basic Exploit](#basic-exploit)
- [Additional Notes](#additional-notes)
## Detection
- Any zip upload page on the application
## Tools
- evilarc [https://github.com/ptoomey3/evilarc](https://github.com/ptoomey3/evilarc)
## Exploits
### Basic Exploit
```python
python evilarc.py shell.php -o unix -f shell.zip -p var/www/html/ -d 15
```
### Additional Notes
- For affected libraries and projects, visit https://github.com/snyk/zip-slip-vulnerability
## References
- [Zip Slip Vulnerability - Snyk Ltd, 2019](https://snyk.io/research/zip-slip-vulnerability)
- [Zip Slip - snyk, 2019](https://github.com/snyk/zip-slip-vulnerability)