| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Feb 2006 05:57:52 -0800 (PST) From: h e <het_ebadi@...oo.com> To: bugtraq@...urityfocus.com, bugs@...uritytracker.com, support@...unia.com, "content-editor@...urityfocus.com" <content-editor@...urityfocus.com>, "editor@...urityfocus.com" <editor@...urityfocus.com>, "expert@...uriteam.com" <expert@...uriteam.com>, "news-editor@...urityfocus.com" <news-editor@...urityfocus.com>, "vuldb@...urityfocus.com" <vuldb@...urityfocus.com>, "vuln@...unia.com" <vuln@...unia.com>, "webmaster@...unia.com" <webmaster@...unia.com>, "webmaster@...urityfocus.com" <webmaster@...urityfocus.com> Subject: Archive_Tar v 1.2(Tested) (Tar file management class) Directory traversal Archive_Zipr (Zip file management class) Directory traversal This class provides handling of tar files in PHP. It supports creating, listing, extracting and adding to tar files. Gzip support is available if PHP has the zlib extension built-in or loaded. Bz2 compression is also supported with the bz2 extension loaded. http://www.phpconcept.net http://www.zend.com/pear/whoiswho.php?pkg=Archive_Tar http://pear.php.net/package/Archive_Tar Credit: The information has been provided by Hamid Ebadi ( Hamid Network Security Team) : admin@...id.ir. The original article can be found at : http://hamid.ir/security Vulnerable Systems: Tested on zip.lib.php v 1.1 Detail : Directory traversal while extracting (.ZIP) What is Directory traversal in archivers? that allowed one to create malicous archive files, which would overwrite system files or place dangerous files in defined directory(example :shell.php in wwwroot directory) This could be abused by sending an archive to a local user who would unzip / untar an archive, the archive would then be able to overwrite any file to which the user has write permissions, thus it could also be abused if a system ran som antivirus software which automatically opened archive files. harmless exploit: use HEAP [Hamid Evil Archive Pack] you can find it from Hamid Network Security Team: http://www.hamid.ir/tools/ want to know more ? http://www.hamid.ir/paper Signature __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Powered by blists - more mailing lists