2018-06-10

[public] 141K views, 6.49K likes, 71.0 dislikes audio only

LiveOverflow

What is going on with .zip files. What is this new critical vulnerability that seems to affect everything? ... old is new again.

Resources:

- ZipperDown: https://zipperdown.org/

- Zip Slip: https://snyk.io/research/zip-slip-vulnerability

- Zip Specification: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT

- The Complete Guide to Hacking WWIV: http://phrack.org/issues/34/5.html#article

- Go library Fix Bypass: https://github.com/mholt/archiver/pull/65#issuecomment-395988244

Gynvael:

- Hacking Livestream #53: The ZIP file format https://www.youtube.com/watch?v=X7j2sisMKzk

- Ten thousand security pitfalls: the ZIP file format http://gynvael.coldwind.pl/?id=682

- GynvaelEN Channel: https://www.youtube.com/GynvaelEN

- Twitter: https://twitter.com/gynvael

Ange Albertini / Corkami

- Funky Fileformats Talk: https://www.youtube.com/watch?v=hdCs6bPM4is

- Funky Fileformats Slides: https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf

- Twitter: https://twitter.com/angealbertini / https://twitter.com/corkami

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

=[ 📄 P.S. ]=

#CVE #SecurityResearch