This Python script exploits a path traversal vulnerability in Express Zip <= 2.40 by creating a malicious ZIP file that extracts a file to an arbitrary location (e.g., C:\POC.txt) when extracted. The exploit leverages improper validation of '..\' sequences in the ZIP file's internal paths.
Classification
Working Poc 100%
Target:
Express Zip <= 2.40
No auth needed
Prerequisites:
Express Zip <= 2.40 installed on the target system · User interaction to extract the malicious ZIP file