I was doing some digging into an ever-so-popular web application which will remain unidentified for the time being (to not spoil the solution to this challenge) to figure out how it was handling its much-touted "one-click self-update".
Internally, it polls a remote API (served over HTTP) for updates, then notifies the administrator and asks to download. If given consent by the site administrator, it will then download a ZIP archive and then attempt to unpack its files and overwrite local files with those provided in the ZIP.
As a hint, the URL to the remote ZIP archive is as follows:
In a spoiler'd reply, identify the vulnerability, and if you can (in a separate spoiler) provide a solution that protects against the attack vector.