nuclei-templates/file/nodejs/zip-path-overwrite.yaml

29 lines
1.3 KiB
YAML

id: zip-path-overwrite
info:
name: Zip Path Overwrite
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure ZIP archive extraction can result in arbitrary path overwrite and can result in code injection.
tags: file,nodejs
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\('unzip'\\)"
- "require\\('unzipper'\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.Parse\\([\\w\\W]*?\\)\\)\\.on\\('entry', function [\\w\\W]*?\\([\\w\\W]*?\\) \\{"
- "[\\w\\W]+? = [\\w\\W]+?\\.indexOf\\([\\w\\W]*?\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\)\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\)\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\)\\)"
- "[\\w\\W]+?\\.Parse\\([\\w\\W]*?\\)\\.on\\('entry', function [\\w\\W]*?\\([\\w\\W]*?\\) \\{"
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\)"
condition: or
# digest: 4a0a00473045022047f3632b4b629a718f03f122923ecb7a440173d05eff63495de945c7eecaa959022100c898c664cdbf7a53469f2d4f41fb76df1580af59737082875247e0e42a4d70c8:922c64590222798bb761d5b6d8e72950