Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

StuffIt and ZipMagic Family of products Directory traversal

from [h e] Network Security [Permanent Link]
Subject: StuffIt and ZipMagic Family of products Directory traversal
Date: Fri, 24 Feb 2006 05:59:49 -0800 (PST) 
StuffIt and ZipMagic Family of products Directory
traversal 

The StuffIt and ZipMagic Family of products is
designed to meet any level of compression needs; from
basic expansion to advanced archive manipulation,
to automating routine compression tasks, and even
building compression into a software application. Scan
the list of products below to find just the right
StuffIt for you! 
www.stuffit.com

Credit:
The information has been provided by Hamid Ebadi
( Hamid Network Security Team) : admin@hamid.ir.
The original article can be found at :
http://hamid.ir/security

Vulnerable Systems:
StuffIt Standard® 9.0 
StuffIt Deluxe® 9.0 
ZipMagic Deluxe® 9.0
StuffIt Expanderâ?¢ 
(9.0.0.21 Engine 9.0.0.21)

Detail :
Directory traversal while extracting (TAR),(ZIP) 

What is  Directory traversal in archivers?

that allowed one to create malicous archive files,
which would overwrite system files or place dangerous
files in defined directory(example :shell.php in
wwwroot directory)
This could be abused by sending an archive to a local
user who would unzip / untar an archive, the archive
would then be able to overwrite any file to which the
user has write permissions, thus it could also be
abused if a system ran som antivirus software which
automatically opened archive files.

harmless exploit:
use HEAP [Hamid Evil Archive Pack]
you can find it from Hamid Network Security Team:

http://www.hamid.ir/tools/

want to know more ?
http://www.hamid.ir/paper

Signature
 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • StuffIt and ZipMagic Family of products Directory traversal, h e <=
Previous by Date:  WinAce Archiver v2.6 Directory traversal, h e
Next by Date:  SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal, h e
Previous by Thread:  WinAce Archiver v2.6 Directory traversal, h e
Next by Thread:  SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal, h e
Indexes:  [Date] [Thread] [Top] [All Lists]