Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
PHP ZIP file attempted to use the zip-slip-vulnerability. Extraction aborted
  • sosekisoseki
    Do you know why I am getting this error?

    PHP ZIP file attempted to use the zip-slip-vulnerability. Extraction aborted
  • HarroHarro
    Accepted Answer
    You're trying to extract from a zipfile that uses this vulnerability. It means that the zip contains file entries using ".." in the path. Examine the zip with a commandline tool without unpacking it.

    For example, the zip could contain the file "../../../../../../../../../../etc/passwd". With the old code, no matter where you wanted to extract the zip, it would attempt to overwrite your password file (if on linux).
  • sosekisoseki
    Thanks for quick response.
    I guess it dose not contain such a thing.
    It is because zip file is created on windows 10 and owner of zip file created just folder and put pdf files into it and zip it.
    Well... I will check it out tomorrow.
  • HarroHarro
    You can easlly debug it, find the error message in the code, and dump both the calculated path and the realpath.

    You get this error if the extract would create a file outside the path you want to extract the zip to.
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion