Menu
From https://snyk.io/research/zip-slip-vulnerability
The contents of this zip file have to be hand crafted. Archive creation tools don’t typically allow users to add files with these paths, despite the zip specification allowing it. However, with the right tools, it’s easy to create files with these paths.
I want to create a test payload so that i can check few of my zip handling logic. But i cant find any leads on how to create one.
:~/Desktop # touch "../../../../../../../../tmp/evil.sh"
:~/Desktop # ll
:~/Desktop # ll /tmp/evil.sh
-rw-r--r-- 1 root root 0 Jun 14 09:27 /tmp/evil.sh
781
To access the test function, open the Unzip tab (the Zip pane must be the active pane). Click the top part of the Diagnostics button to test the Zip file and view a summary report. To receive a more detailed report, click on the bottom half of the Diagnostics button and click Detailed on the dropdown menu.
Zip Slip is a widespread critical archive extraction vulnerability, allowing attackers to write arbitrary files on the system, typically resulting in remote command execution.
Zipped (compressed) files take up less storage space and can be transferred to other computers more quickly than uncompressed files. In Windows, you work with zipped files and folders in the same way that you work with uncompressed files and folders.
Maybe
zip zipslip.zip ../../../../../../../../tmp/evil.sh
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
