I've been reading over some of the web security news recently and came across the “zip slip exploit”. Now this has been repopulated by many “security blogs” as a vulnerability, with some major flaws in the understanding.
OK, an exploit is something that shouldn't be achievable but is, through some method. Path traversal is not an exploit, and the new skool IT generations IMHO need to get more in tune with what they are working with.
So this new skool vulnerability consists of an archive that can extract to ../../../, and they think that's an exploit. It's kind of worrying that people who consider themselves experts in these fields can't understand what ../ is.
Path traversal does not constitute a vulnerability. From a current working directory, ../../../somepath is no different from the archive containing c:\windows/system32\*
And from the security perspective these are user actions, so they can only be controlled by the user's account.
./ is the current directory and ../ is the parent directory; you Windows users should know that from DOS?
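
An added example, not part of the original post: a Python sketch that reads a zip's entry names and reports which ones would resolve outside the directory being extracted to, covering both the ../../../ form and the absolute c:\windows form mentioned above. The archive is built in memory from constructed names, and the function names are hypothetical.

```python
import io
import posixpath
import zipfile

# Constructed entry names for the sample archive (not taken from any real file).
SAMPLE_NAMES = [
    "docs/readme.txt",
    "./notes.txt",
    "docs/../notes2.txt",
    "../../../somepath",
    "c:\\windows/system32\\sample.dll",
]


def classify_entry(name: str) -> str:
    """Return 'absolute', 'traversal' or 'inside' for an archive entry name."""
    # Archive names may use either separator; normalise to '/' first.
    norm = name.replace("\\", "/")
    # Leading-slash or drive-letter names ignore the extraction directory.
    if norm.startswith("/") or (len(norm) > 1 and norm[0].isalpha() and norm[1] == ":"):
        return "absolute"
    # Collapse './' and 'dir/../' segments; a '..' that survives at the front
    # means the entry resolves above the extraction directory.
    collapsed = posixpath.normpath(norm)
    if collapsed == ".." or collapsed.startswith("../"):
        return "traversal"
    return "inside"


def build_sample() -> bytes:
    """Build a small zip in memory holding the constructed names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


def audit_archive(data: bytes) -> dict:
    """Map every entry name in the zip to its classification."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {name: classify_entry(name) for name in zf.namelist()}


if __name__ == "__main__":
    for entry, verdict in audit_archive(build_sample()).items():
        print(f"{verdict:10} {entry}")
```

The audit only inspects names and never writes to disk, so it can be run on an archive before deciding whether to extract it.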