0xbro
2 supporters
Exploit Zip Slip vulnerability in python ...

Exploit Zip Slip vulnerability in python tarfile

Apr 25, 2022

Slippy is an easy difficulty web challenge from HackTheBox vulnerable to Zip Slip because of the insecure use of the TarFile’s python module “extractall”. Due to the absence of file name validation, it is possible to create a malicious archive containing path traversals in order to overwrite other files and obtain remote code execution.

You can find my notes here!

https://www.youtube.com/watch?v=8eXutSxYhOQ

Enjoy this post?

Buy 0xbro a coffee

More from 0xbro