admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae19eda42ea7beafc4428e4b09f71965bbe7bc5e
nuclei-templates/file/nodejs/admzip-path-overwrite.yaml
ghost 5f08fc26d3 chore: sign templates 🤖
2024-12-01 13:57:55 +00:00

21 lines
844 B
YAML
Raw Blame History

id: admzip-path-overwrite
info:
name: Admzip Path Overwrite
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure ZIP archive extraction using adm-zip can result in arbitrary path over write and can result in code injection.
tags: file,nodejs,admzip
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\\\('adm-zip'\\\\)"
- "\\.forEach\\(function .*\\(.*, \\.\\*\\) \\{"
- "\\.createWriteStream\\(.*\\) \\}, \\.\\*\\)"
- "\\.writeFile\\(.*\\)"
- "\\.writeFileSync\\(.*\\) \\}, \\.\\*\\)"
condition: or
# digest: 490a00463044022061517677a0b41a2048a4ca951bba30d615fe02b7791d2e1a33d1f771f6f4da6f02204501001dfc2023b6991ba087accb1c0fc74c9c443dd212be4566ebbd7a5c6207:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink