Yet Another Zip Trick

原始链接: https://hackarcana.com/article/yet-another-zip-trick

Login Redeem items Profile Settings Log out Login | | | : [email protected] HexArcana

A Hacker News discussion revolves around a newly discovered "schizophrenic" ZIP trick, where a single ZIP file unpacks differently depending on the ZIP implementation used. The original poster described the trick at hackarcana.com. Users discuss its potential exploits, like bypassing security scanners by creating ZIPs that appear innocent to the scanner but unpack into malware by the email client. The feasibility hinges on different departments or software using different ZIP stacks. Some users suggest exploiting software responses as an oracle to tailor the ZIP file. Others mention that the problem isn't new, but the current post discusses a new technique. The consensus is that even a small success rate makes such exploits worthwhile, similar to spam. One user also speculated if this trick could be used to fake out Microsoft Word, since modern office files are ZIPs with different extensions.
相关文章
联系我们 contact @ memedata.com