Uploading a malicious zip file can overwrite arbitrary files >=v0.9.3.2 && <=0.9.4.1 #358
Generate malicious zip files
Upload evil.apk file
Done an initial analysis. It looks like an issue with Python
I was not able to replicate this. The
This is how MobSF does unzip:
@DominikSchlecht, can you see if this issue can be reproduced on a Windows box? (My Windows VMs are a bit messed up.) I couldn't reproduce this on OSX using Python 2.7.10
@ic3z: What is your Python version?
We should also investigate if the native OS unzip binary has this issue:
On Mac all tests pass; on Windows there is a problem with the tests themselves ;) But manual tests showed good results for both Windows and Android apps.