Videos

Published on June 10th, 2018 📆 | 2274 Views ⚑

0

Critical .zip vulnerabilities? – Zip Slip and ZipperDown


TTS


What is going on with .zip files. What is this new critical vulnerability that seems to affect everything? ... old is new again.

Resources:
- ZipperDown: https://zipperdown.org/
- Zip Slip: https://snyk.io/research/zip-slip-vulnerability
- Zip Specification: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
- The Complete Guide to Hacking WWIV: http://phrack.org/issues/34/5.html#article
- Go library Fix Bypass: https://github.com/mholt/archiver/pull/65#issuecomment-395988244

Gynvael:
- Hacking Livestream #53: The ZIP file format https://www.youtube.com/watch?v=X7j2sisMKzk
- Ten thousand security pitfalls: the ZIP file format http://gynvael.coldwind.pl/?id=682
- GynvaelEN Channel: https://www.youtube.com/GynvaelEN
- Twitter: https://twitter.com/gynvael

Ange Albertini / Corkami
- Funky Fileformats Talk: https://www.youtube.com/watch?v=hdCs6bPM4is
- Funky Fileformats Slides: https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf
- Twitter: https://twitter.com/angealbertini / https://twitter.com/corkami

-=[ ? Stuff I use ]=-

→ Microphone:* https://amzn.to/2LW6ldx
→ Graphics tablet:* https://amzn.to/2C8djYj
→ Camera#1 for streaming:* https://amzn.to/2SJ66VM
→ Lens for streaming:* https://amzn.to/2CdG31I
→ Connect Camera#1 to PC:* https://amzn.to/2VDRhWj
→ Camera#2 for electronics:* https://amzn.to/2LWxehv
→ Lens for macro shots:* https://amzn.to/2C5tXrw
→ Keyboard:* https://amzn.to/2LZgCFD
→ Headphones:* https://amzn.to/2M2KhxW

-=[ ❤️ Support ]=-





→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ ? Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ ? P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CVE #SecurityResearch


2018-06-10 20:00:32

source

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑