Skip to content

tna0y/CVE-2018-1000802-PoC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

testdir

testdir

 
 

README.md

README.md

 
 

external_file.txt

external_file.txt

 
 

poc.py

poc.py

 
 

zipfile.py

zipfile.py

 
 

Repository files navigation

Python CVE-2018-1000802 Proof-of-Concept

This is a PoC for the vulnerability in make_archive function exported by shutil builtin module.

Vulnerability is present in CPython (Python) 2.7 prior to commit add531a1e55b0a739b0f42582f1c9747e5649ace.

For the vulnerability to be exploitable in the wild there are several conditions:

  1. Code must run on Windows machine;
  2. There must be a zip utility accessible via command line e.g. Zip for Windows;
  3. Import zipfile must fail.

Please see poc.py for code examples.

About

Python CVE-2018-1000802 Proof-of-Concept

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages