Ange reminded me that I never published the English version of the slides from my "Ten Thousand Traps: ZIP, RAR, etc" talk. I gave the talk in May this year, in Krakow, on a small Polish conference called SEConference. Apart from the slides there are also several "weird" ZIP examples, including a "schizophrenic" (as Ange calles them - and it's an accurate and easy to remember name) abstract.zip, which seems to contain different files while viewing it under various ZIP parsers/libraries/unpackers (see slides 24 to 27 for results).

Download links:

 • the slides (2.8 Mb)
 • the weird zips (14 Kb)

I don't have this talk recorded in English, but you can see the demos in the recording of my Polish talk (in Polish) - see below.

 • DEMO 1 at 2:00 - Unreal Commander exploit (ZIP unpack path traversal into DLL spoofing due to wrong directory privileges).
 • DEMO 2 at 12:23 - Abstract.zip viewed from Python, PHP and Java.
 • DEMO 3 at 18:18 - File names in ZIP, exploit from DEMO 1 explained.
 • DEMO 4 at 21:15 - Files with same name in ZIP.
 • DEMO 5 at 26:10 - Memory content disclosure in Unreal Commander.



And that's it.

P.S. If you're into ZIP files, you might want to check out the Android "Master Key" bug (and other) - just google for it.

Add a comment:

Nick:
URL (optional):
Math captcha: 8 ∗ 7 + 8 =