Some programs may refuse to open such modified ZIP files (but if so, they're technically violating the ZIP format spec), or they may identify the file as something other than a ZIP file by default, but generally, if you feed such a file into code that expects a ZIP file, it will probably be accepted as one.Ī more common malicious use of such tricks is to disguise exploit code in a ZIP-based container (e.g.
This trick is legitimately used to create self-extracting ZIP files, but it's perfectly possible to prepend any other hidden data or executable code into a ZIP file in the same way. using _halt_compiler()) that PHP won't try to parse the appended ZIP archive data. It's not even particularly hard just concatenate the PHP code and the ZIP file, and make sure (e.g. A ZIP archive remains valid even if you prepend arbitrary data to it, so it's quite possible to create a file that is simultaneously a valid ZIP archive containing innocent data and also a malicious PHP script. While you're probably right in this case, your assumption might not always hold. Since I'm able to uncompress the files on my mac I assume these are real zip files and not just something like renamed php files.
0 kommentar(er)
