Rubyzip insecure ZIP handling & Metasploit RCE (CVE-2019-5624)
voidsec2022-01-14T09:13:52+01:00
This is a re-posting of the original article "On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624)" that I have wrote on
Doyensec
During one of our projects we had the opportunity to audit a Ruby-on-Rails (RoR) web application handling zip files using the
Rubyzip gem. Zip files have always been an interesting entrypoint to triggering multiple vulnerability types, including path traversals and symlink file overwrite attacks. As the library under testing had...