ZIP Shotgun – Utility Script To Test Zip File Upload Functionality (And Possible Extraction Of Zip Files) For Vulnerabilities

Utility script to check zip report add capability (and conceivable extraction of zip information) for vulnerabilities. Idea for this script comes from this put up on Silent Signal Techblog – Compressed File Upload And Command Execution and from OWASP – Test Upload of Malicious Files
This script will create archive which incorporates information with “../” in filename. When extracting this may motive information to be extracted to previous directories. It can permit attacker to extract shells to directories which will also be accessed from internet browser.
Default webshell is wwwolf’s PHP internet shell and the entire credit score for it is going to WhiteWinterWolf. Source is to be had HERE

Download Zip-Shotgun

Published by Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).