modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

implementing zip-shotgun #37

Closed dorkerdevil closed 5 years ago

dorkerdevil commented 5 years ago

Is it possible to implement this if it does not already exist?

https://github.com/jpiechowka/zip-shotgun

Utility script to test zip file upload functionality (and possible extraction of zip files) for vulnerabilities. The idea for this script comes from this post on Silent Signal Techblog - Compressed File Upload And Command Execution and from OWASP - Test Upload of Malicious Files.

This script will create an archive which contains files with "../" in the filename. When extracting, this could cause files to be extracted to preceding directories. It can allow an attacker to extract shells to directories which can be accessed from a web browser.

floyd-fuh commented 5 years ago

Please read the README at https://github.com/modzero/mod0BurpUploadScanner/blob/master/README.md#path-traversal-module. This is already implemented; however, the redownload definitely has room for improvement for this module. And depending on what kind of files it unpacks from zips, this will need manual (post-)exploitation anyway. Moreover, as this extension uploads various zip files, the server will have several files created which could be found. In any case, this is rather rarely encountered in the wild.