MAL-005: Zip Slip in Add Carbon Applications in WSO2 ESB

mbadanoiu/MAL-005

A ZIP file based directory traversal (Zip Slip) vulnerability was identified in the "Carbon Applications" add feature of WSO2 ESB. Remote code execution may be obtained by writing/overwriting specific files.

Why no CVE?

The vendor replied that this vulnerability was "Fixed in WUM" and no public disclosure was made.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.
