Skip to main content

Posts

Showing posts from May, 2020

Zip IT! Study Case of Android ZipSlip Vulnerability (day 92) ~(˘▾˘~)

This blog post was inspired by https://www.youtube.com/watch?v=Ry_yb5Oipq0 (Critical .zip vulnerabilities? - Zip Slip and ZipperDown) (Image source: https://media.makeameme.org/created/zip-it.jpg ) I stumbled this video when I was looking for a new tutorial video of security on youtube. It got my attention since I haven't heard any vulnerabilities that associated with a ZIP file, I proceed to watch the video and it blows my mind. It turns out there is a malicious "way" that you can do to craft a zip file so it can cause directory traversal attack and what makes more interesting is that this vulnerability affect multiple libraries and programming language Background: I get to the bottom of this to get more understanding of the attack so I download the technical white paper and start reading it thoroughly-ish....( whitepaper link ). Originally "Zipslip" vulnerability was discovered and responsibly disclosed by the Snyk Security team on 5th June 2018,...