From b36e5262bd5af2461a7112ab34ef45b190ebef38 Mon Sep 17 00:00:00 2001
From: Hi15358 <dillonbong@gmail.com>
Date: Wed, 30 Oct 2019 11:19:52 +0800
Subject: [PATCH 1/5] Create Readme

---
 Zip Slip/Readme | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Zip Slip/Readme

diff --git a/Zip Slip/Readme b/Zip Slip/Readme
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/Zip Slip/Readme	
@@ -0,0 +1 @@
+

From bd121bfccb2d4cbe06ebcfd81b6c1bc293be1fa0 Mon Sep 17 00:00:00 2001
From: Hi15358 <dillonbong@gmail.com>
Date: Wed, 30 Oct 2019 11:24:35 +0800
Subject: [PATCH 2/5] Delete Readme

---
 Zip Slip/Readme | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 Zip Slip/Readme

diff --git a/Zip Slip/Readme b/Zip Slip/Readme
deleted file mode 100644
index 8b13789..0000000
--- a/Zip Slip/Readme	
+++ /dev/null
@@ -1 +0,0 @@
-

From 5f31044ae3ccdaeb5a4e67c4302dd7fcc88a81c1 Mon Sep 17 00:00:00 2001
From: Hi15358 <dillonbong@gmail.com>
Date: Wed, 30 Oct 2019 11:24:56 +0800
Subject: [PATCH 3/5] Create ReadMe.txt

---
 Upload Insecure Files/Zip Slip/ReadMe.txt | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Upload Insecure Files/Zip Slip/ReadMe.txt

diff --git a/Upload Insecure Files/Zip Slip/ReadMe.txt b/Upload Insecure Files/Zip Slip/ReadMe.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/Upload Insecure Files/Zip Slip/ReadMe.txt	
@@ -0,0 +1 @@
+

From 5fec4f7c21c9a416fd481120e246e49a5b3774a7 Mon Sep 17 00:00:00 2001
From: Hi15358 <dillonbong@gmail.com>
Date: Wed, 30 Oct 2019 11:36:09 +0800
Subject: [PATCH 4/5] Update Java.md

---
 Insecure Deserialization/Java.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Insecure Deserialization/Java.md b/Insecure Deserialization/Java.md
index f3606d1..5915688 100644
--- a/Insecure Deserialization/Java.md	
+++ b/Insecure Deserialization/Java.md	
@@ -63,10 +63,12 @@ JRE8u20_RCE_Gadget
 
 JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool, [https://github.com/joaomatosf/jexboss](https://github.com/joaomatosf/jexboss)
 
+ysoserial-modified [https://github.com/pimps/ysoserial-modified](https://github.com/pimps/ysoserial-modified)
+
 ## References
 
 - [Github - ysoserial](https://github.com/frohoff/ysoserial)
 - [Java-Deserialization-Cheat-Sheet - GrrrDog](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md)
 - [Understanding & practicing java deserialization exploits](https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/)
 - [How i found a 1500$ worth Deserialization vulnerability - @D0rkerDevil](https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
-- [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)
\ No newline at end of file
+- [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)

From 83569c614268dff78973e20b344192766fa0ed63 Mon Sep 17 00:00:00 2001
From: Hi15358 <dillonbong@gmail.com>
Date: Wed, 30 Oct 2019 12:07:50 +0800
Subject: [PATCH 5/5] Update and rename ReadMe.txt to README.md

---
 Upload Insecure Files/Zip Slip/README.md  | 35 +++++++++++++++++++++++
 Upload Insecure Files/Zip Slip/ReadMe.txt |  1 -
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 Upload Insecure Files/Zip Slip/README.md
 delete mode 100644 Upload Insecure Files/Zip Slip/ReadMe.txt

diff --git a/Upload Insecure Files/Zip Slip/README.md b/Upload Insecure Files/Zip Slip/README.md
new file mode 100644
index 0000000..39d647e
--- /dev/null
+++ b/Upload Insecure Files/Zip Slip/README.md	
@@ -0,0 +1,35 @@
+# Zip Slip
+
+> The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../shell.php). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. 
+
+## Summary
+
+- [Detection](#detection)
+- [Tools](#tools)
+* [Exploits](#exploits)
+  * [Basic Exploit](#basic-exploit)
+- [Additional Notes](#additional-notes)
+
+## Detection
+
+- Any zip upload page on the application
+
+## Tools
+
+- evilarc [https://github.com/ptoomey3/evilarc](https://github.com/ptoomey3/evilarc)
+
+## Exploits
+
+### Basic Exploit
+
+```python
+python evilarc.py shell.php -o unix -f shell.zip -p var/www/html/ -d 15
+```
+
+### Additional Notes
+- For affected libraries and projects, visit https://github.com/snyk/zip-slip-vulnerability
+
+## References
+
+- [Zip Slip Vulnerability - Snyk Ltd, 2019](https://snyk.io/research/zip-slip-vulnerability)
+- [Zip Slip - snyk, 2019](https://github.com/snyk/zip-slip-vulnerability)
diff --git a/Upload Insecure Files/Zip Slip/ReadMe.txt b/Upload Insecure Files/Zip Slip/ReadMe.txt
deleted file mode 100644
index 8b13789..0000000
--- a/Upload Insecure Files/Zip Slip/ReadMe.txt	
+++ /dev/null
@@ -1 +0,0 @@
-