Description :
Zip Slip is a path traversal vulnerability that occurs when a program extracts files from a ZIP archive without validating the internal file paths. An attacker can include file names containing ../, causing extracted files to escape the intended directory. This can allow overwriting important system files, corrupting application data, or enabling remote code execution.
CVE-2018-1002200 is a specific instance of Zip Slip affecting Plexus Archiver, a Java library used by various tools to unpack ZIP files. Versions prior to 3.6.0 did not validate ZIP entry paths before extraction. A malicious ZIP could include a path such as: ../../../../etc/passwd
When extracted, Plexus Archiver would write that file outside the target directory, making the application vulnerable to arbitrary file overwrite.
Proposal :
I propose writing a secure coding case study on CVE-2018-1002200 in Plexus Archiver.
The case study will:
• Explain how path traversal occurs during ZIP extraction
• Show examples of malicious ZIP entries used in real attacks
• Walk through the vulnerable code in Plexus Archiver 3.5
• Demonstrate how the vulnerability allowed file overwrite outside the extraction directory
• Describe the fix introduced in version 3.6.0, including canonical path validation
• Provide secure coding practices such as using canonical paths, rejecting unsafe file names, and validating extraction destinations
References :