written by xqtr of another droid bbs ! andr01d.zapto.org:9999

have you heard of the zipslip vulnerability? no? read the following paragraphs
from the company claiming to have found this vulnerability. note the date! ;)

https://snyk.io/research/zip-slip-vulnerability

    Zip Slip is a widespread arbitrary file overwrite critical vulnerability,
    which typically results in remote command execution. It was discovered and
    responsibly disclosed by the Snyk Security team ahead of a public disclosure
    on 5th June 2018, and affects thousands of projects, including ones from HP,
    Amazon, Apache, Pivotal and many more (CVEs and full list here). Of course,
    this type of vulnerability has existed before, but recently it has manifested
    itself in a much larger number of projects and libraries.

    The vulnerability is exploited using a specially crafted archive that holds
    directory traversal filenames (e.g. ../../evil.sh). The Zip Slip vulnerability
    can affect numerous archive formats, including tar, jar, war, cpio, apk, rar
    and 7z.

so... it seems that this zipslip vuln. is a big thing and we must thank snyk
for saving us... :O but before you thank them... go grab issue 34 of phrack
magazine and read article #5, technique #3

                http://phrack.org/issues/34/5.html#article
                
do you see any resemblance? :) actually it's the same thing! an attack that
dates from 1991 and was meant to hurt wwiv boards is still open/active and
can be used to attack modern systems like iphones, java apps and more! the
tragic thing about it is that the above company thinks that they found it
first... hahahahaa :`````)

the attack is very simple and you only need a zip archive and a hex
editor. i tried it in a mystic bbs (mine), but thankfully it didn't work. if
you want to try it yourself, follow the guide at phrack mag. if you read
the tutorials about hex editing, from null magazine, you should be able to
do it :)
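
the check that makes an extractor immune to this trick, as an added example (not code from the original article, snyk or phrack): resolve every entry name against the extraction directory and refuse the archive if any name lands outside it. the function names and the in-memory sample archive are made up for the illustration.

```python
import io
import os
import zipfile


def build_sample_zip():
    """constructed sample, in memory only: one normal entry plus one
    entry carrying the traversal name from the quote above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"hello")
        zf.writestr("../../evil.sh", b"# inert placeholder\n")
    buf.seek(0)
    return buf


def is_inside(dest_dir, entry_name):
    """true only if entry_name, resolved against dest_dir, stays inside it."""
    root = os.path.realpath(dest_dir)
    # count backslashes as separators too, dos/windows tools write them
    name = entry_name.replace("\\", "/")
    # join() drops root when name is absolute, so "/etc/x" fails as well
    target = os.path.realpath(os.path.join(root, name))
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:  # e.g. different drives on windows
        return False


def safe_extract(zip_file, dest_dir):
    """refuse the whole archive if any entry would leave dest_dir.
    returns the offending names; an empty list means it was extracted."""
    with zipfile.ZipFile(zip_file) as zf:
        bad = [n for n in zf.namelist() if not is_inside(dest_dir, n)]
        if not bad:
            # python's own extractor also strips ".." components; the
            # explicit check is what makes the refusal visible and loggable
            zf.extractall(dest_dir)
    return bad


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print("refused:", safe_extract(build_sample_zip(), tmp))
```

the same comparison (resolved target path against resolved destination) applies to tar, cpio and the other formats named in the quote, since only the archive reader changes.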

if you don't learn history, then history has a funny way of repeating itself.
do you agree?
