ZipSlip is a critical security vulnerability that can occur during file extraction processes from zip files. This vulnerability arises when an application mishandles the paths included within a zip file, enabling attackers to conduct directory traversal attacks.
This project serves as a demonstration and tool to assess and understand the ZipSlip vulnerability in javascript programming languages and express.js frameworks.
The ZipSlip Vulnerability Checker provides vulnerable code snippets in Node.js, PHP, and C#, showcasing how the vulnerability can be introduced during the file extraction process from a zip archive. It aims to raise awareness and educate developers on handling zip file extractions securely.
To set up and run the project locally:
- Clone this repository.
- Install dependencies:
npm install - Start the application:
npm start
The application provides examples of vulnerable code snippets in different programming languages that could lead to ZipSlip vulnerabilities. Users can view these code snippets to understand how the vulnerability is introduced and avoid similar mistakes in their applications.
If you prefer Docker, you can build and run the project within a Docker container:
docker build -t zipslip-vulnerability .docker run -p 3000:3000 zipslip-vulnerabilityhttps://infosecwriteups.com/zip-slip-vulnerability-064d46ca42e5