LOTP
unzip
unzip is a widely used archiver.
Zip Slip
If unzip uses -: and forces overwrite with -o, or accepts overwrite automatically using another custom method, it is vulnerable to Zip Slip, where a malicious archive can overwrite files in any parent directory. It can be used to:
- Poison the source code
- Replace an executable or a config file, which can lead to RCE
To create a malicious archive:
zip zipslip.zip ../../../../../../bin/sh
To poison:
unzip -: -o zipslip.zip
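
A pipeline step can audit an archive's member names before any unzip call and fail the job if one would resolve outside the extraction directory. The following Python check is an added example, not part of the original page or the LOTP project; the function names and the /work/extract directory are assumptions, and the sample archive is constructed in memory.

```python
import io
import posixpath
import zipfile


def escaping_members(archive, dest="/work/extract"):
    """Return member names that would land outside `dest` if their stored
    path components were honoured as-is (the behaviour unzip -: permits)."""
    root = posixpath.normpath(dest)
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too; over-flagging is the safe side.
            name = info.filename.replace("\\", "/")
            # Resolve "." and ".." the way the filesystem would after joining.
            target = posixpath.normpath(posixpath.join(root, name))
            inside = target == root or target.startswith(root + "/")
            # Absolute names are rejected even if they point under dest.
            if name.startswith("/") or not inside:
                flagged.append(info.filename)
    return flagged


def build_sample():
    """Constructed sample: two benign members plus one named like the
    entry produced by the zip command shown on this page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("src/main.c", "int main(void){return 0;}\n")
        zf.writestr("docs/../README", "stays inside the root\n")
        zf.writestr("../../../../../../bin/sh", "placeholder\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    bad = escaping_members(build_sample())
    for name in bad:
        print("refusing archive, member escapes extraction root:", name)
    raise SystemExit(1 if bad else 0)
```

The check resolves each name against the destination rather than searching for the string "..", so docs/../README passes while the traversal entry is reported.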