lotp
lotp copied to clipboard
Published
20 hours ago •
boostsecurityio
boostsecurityio
[LOTP] Add unzip
Description of the LOTP tool
unzip is a common UNIX utility to decompression *.zip files
zipslip
When used with certain flags it can lead to zip slip (https://security.snyk.io/research/zip-slip-vulnerability)
As documented in man page (https://linux.die.net/man/1/unzip), the -: flag disables security feature added since the early 2000s that would disallow extracting ../ relative paths
