daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create zip-path-overwrite.yaml

patch-1
Prince Chaddha 2022-12-22 16:24:01 +05:30 committed by GitHub
parent f9c773f0d7
commit d4c537af20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
file/nodejs/zip-path-overwrite.yaml Normal file
View File

@ -0,0 +1,28 @@
id: zip-path-overwrite
info:
name: Zip Path Overwrite
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure ZIP archive extraction can result in arbitrary path over write and can result in code injection.
tags: file,nodejs
file:
- extensions:
- all
extractors:
- type: regex
regex:
- "\\$X = require\\('unzip'\\)"
- "\\$X = require\\('unzipper'\\)"
- "\\$Y\\.pipe\\(\\$UNZIP\\.Parse\\(...\\)\\)\\.on\\('entry', function $FUNC\\(...\\) {"
- "\\$X = \\$FILENAME\\.indexOf\\(...\\)"
- "\\$FUNC\\.pipe\\(\\$FS\\.createWriteStream\\(\\$FIL, ...\\)\\)"
- "\\$FUNC\\.pipe\\(\\$FS\\.writeFile\\(\\$FIL, ...\\)\\)"
- "\\$FUNC\\.pipe\\(\\$FS\\.writeFileSync\\(\\$FIL, ...\\)\\)"
- "\\$UNZIP\\.Parse\\(...\\)\\.on\\('entry', function \\$FUNC\\(\\$ENTRY\\) {"
- "\\$FS\\.createWriteStream\\(\\$FIL, ...\\)"
- "\\$FS\\.writeFile\\(\\$FIL, ...\\)"
- "\\$FS\\.writeFileSync\\(\\$FIL, ...\\)"
condition: or