This repo contains a simple web server that accepts ZIP files, extracts them, and returns their contents. It has a vulnerability that permits exfiltration of local files.
It is highly recommended to run the server in Docker, since its behavior will be dependent on the specific
decompression tools installed on your system. The provided Docker Compose script
expects an environment variable FLAG
to be set, the contents of which will be written to flag.txt
in the
same directory as the server.py
script in the container. This is the flag that the attacker will attempt
to exfiltrate.
$ env FLAG=ThisIsTheFlag docker-compose up --build
This will automatically run the server and bind it to port 8080 on the host. You can then connect to the server in your web browser, here.
With the knowledge that it may behave slightly differently, the server can be run locally (e.g., to make debugging easier) by first installing the requirements:
$ pip install -r requirements.txt
and then either executing it via Uvicorn
$ uvicorn --port 8080 --host 0.0.0.0 server:app
or directly via Python
$ python3 server.py
The web server's landing page, index.html
, has more information.
In the Docker container, all the files in this directory is copied to /server/
.
All the server code is in a single Python file: /server/server.py. When started, it does two things:
- If the
FLAG
environment variable is set, and if/server/flag.txt
does not exist, then it saves the contents of theFLAG
environmment variable to/server/flag.txt
- Creates the directory
/server/uploads/
, if it does not already exist
When a new ZIP extraction request is handled, the following steps occur:
- A new temporary directory is created in
/server/uploads/
- The ZIP is saved to
/server/uploads/[TEMPDIR]/[ZIPFILE]
- The file is confirmed to be a ZIP by running
zipfile.is_zipfile
; if not, then an HTTP error 415 is returned - A new temporary directory is created:
/server/uploads/[TEMPDIR]/[SECOND_TEMPDIR]/
- The ZIP is extracted into
[SECOND_TEMPDIR]
using the patool library'sextract_archive
function - The server traverses all the extracted files and serializes their names and contents to a JSON dictionary; any files that cannot be decoded in UTF-8 are Base64 encoded
This code was created by Evan Sultanik and is licensed and distributed under the AGPLv3 license.