
ZIP Symlink Vulnerability

What is a Symlink?

A symlink (also called a symbolic link) is a type of file in Linux that points to another file or folder on your computer. Symlinks are similar to shortcuts in Windows.

There are two types of symlinks:

Soft and Hard Links

A symbolic or soft link is an actual link to the original file, whereas a hard link is a mirror copy of the original file. If you delete the original file, the soft link has no value, because it points to a non-existent file. In the case of hard links it is entirely the opposite: even if you delete the original file, the hard link will still have the data of the original file, because a hard link acts as a mirror copy of the original file.

To learn more about symlinks, please visit:

https://ostechnix.com/explaining-soft-link-and-hard-link-in-linux-with-examples/


What is the ZIP Symlink Vulnerability?

An archive can contain a symbolic link. A symbolic link is a special file that links to another file. If you upload a zip containing a symbolic link and the application extracts it, you can then access the symbolic link to read files you should not have access to. For that, the symbolic link needs to point to a file outside of the web root, for example /etc/passwd.


These types of issues are typically found when a developer accepts zip files in an upload function. When a user uploads a zip file, the application simply takes the zip file and extracts its files without any validation.


Hack steps:

Create a symlink, for example: ln -s /etc/passwd etc

Create a zip file containing the symlink: zip -r --symlinks demo.zip etc

Upload demo.zip to the web application

After the zip file is uploaded, the application simply extracts the files and shows their content on the web page without any validation, so the /etc/passwd data is shown on the web page.
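Added defensive example (not code from the original post): a Python check that audits an uploaded ZIP before extraction, refusing symlink entries and path-traversal names, and then extracts only the clean entries. The sample archive is constructed in memory with a symlink entry named etc pointing to /etc/passwd, matching the archive the steps above describe; build_sample_zip, audit_zip, safe_extract and demo are names chosen here.

```python
import io, os, pathlib, stat, tempfile, zipfile

def build_sample_zip():
    # Constructed sample: a normal file plus an entry whose Unix mode bits
    # mark it as a symlink to /etc/passwd (what `zip --symlinks` stores).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        link = zipfile.ZipInfo("etc")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mode sits in the high 16 bits
        zf.writestr(link, "/etc/passwd")  # a symlink entry's data is its target path
    return buf.getvalue()

def audit_zip(data):
    # Return (entry name, reason) for every entry that must not be extracted.
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if stat.S_ISLNK(info.external_attr >> 16):
                target = zf.read(info).decode("utf-8", "replace")
                findings.append((info.filename, "symlink -> " + target))
            parts = pathlib.PurePosixPath(info.filename).parts
            if info.filename.startswith(("/", "\\")) or ".." in parts:
                findings.append((info.filename, "path traversal"))
    return findings

def safe_extract(data, dest):
    # Extract only entries that pass the audit; return the names written.
    rejected = {name for name, _ in audit_zip(data)}
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename in rejected:
                continue
            # Second check: the resolved destination must still sit under dest.
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                continue
            zf.extract(info, root)
            written.append(info.filename)
    return written

def demo():
    # Audit and extract the constructed archive into a throwaway directory.
    data = build_sample_zip()
    with tempfile.TemporaryDirectory() as d:
        written = safe_extract(data, d)
        leaked = os.path.lexists(os.path.join(d, "etc"))
    return audit_zip(data), written, leaked
```

Calling demo() reports the etc entry as a symlink to /etc/passwd, writes only readme.txt, and leaves no etc entry behind in the extraction directory.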

For a demo, please visit my GitHub repo:
