killchain-compendium/misc/PayloadsAllTheThings/Upload Insecure Files/Zip Slip
Stefan Friese 4427517c17 bump 2022-05-31 21:08:28 +02:00
..
README.md bump 2022-05-31 21:08:28 +02:00

README.md

Zip Slip

The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../shell.php). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victims machine.

Summary

Detection

  • Any zip upload page on the application

Tools

Exploits

Basic Exploit

python evilarc.py shell.php -o unix -f shell.zip -p var/www/html/ -d 15

Additional Notes

References