SecureZip

Medium / Secure Coding

Overview

Scenario
A Flask-based web application provides a file upload feature that accepts ZIP archives and extracts them on the server. After extraction, the contents are displayed through a dynamically generated file tree interface. However, the extraction logic does not properly handle malicious archive structures, allowing attackers to abuse filesystem features such as symbolic links. If ZIP contents are not validated before or after extraction, this can lead to unauthorized file access and sensitive data exposure.

Objective
Analyze the Flask application source code and identify weaknesses in the ZIP extraction and file handling process. Implement secure validation to prevent symbolic link exploitation and ensure safe extraction of uploaded archives while ensuring proper retrieval of the flag. Go to /challenge/ and you will have access to a machine that has the source code of an app running in preview. Fix it to get the flag. Don't forget to read the rules. Flag format: Flag{}
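One way to implement the validation the objective asks for, as an added example that is not part of the challenge's source code: every entry is checked before anything is written, symlink entries (Unix mode bits in the high 16 bits of `external_attr`) are rejected, and resolved paths must stay under the destination directory. The archive fixtures are constructed here for illustration; `build_archive`, `check_entries` and `safe_extract` are assumed names.

```python
import io
import os
import stat
import tempfile
import zipfile


def build_archive(entries):
    """Constructed test fixture: entries are (name, data, is_symlink) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, is_link in entries:
            info = zipfile.ZipInfo(name)
            if is_link:
                mode = stat.S_IFLNK | 0o777
            elif name.endswith("/"):
                mode = stat.S_IFDIR | 0o755
            else:
                mode = stat.S_IFREG | 0o644
            info.external_attr = mode << 16  # Unix mode lives in the high 16 bits
            zf.writestr(info, data)
    return buf.getvalue()


def is_symlink_entry(info):
    """True when the entry's stored Unix mode says it is a symbolic link."""
    return stat.S_ISLNK((info.external_attr >> 16) & 0xFFFF)


def check_entries(archive_bytes, dest):
    """Return the names of rejected entries; an empty list means the archive is safe."""
    dest_root = os.path.realpath(dest)
    rejected = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if is_symlink_entry(info):
                rejected.append(info.filename)  # a file tree would follow the link target
            elif os.path.commonpath([dest_root, target]) != dest_root:
                rejected.append(info.filename)  # '../' or absolute name escapes dest
    return rejected


def safe_extract(archive_bytes, dest):
    """Extract only after the whole archive has passed check_entries."""
    rejected = check_entries(archive_bytes, dest)
    if rejected:
        raise ValueError("unsafe archive entries: " + ", ".join(rejected))
    dest_root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest_root, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())


def extract_to_tempdir(archive_bytes):
    """Run safe_extract into a fresh temp dir and list what landed there."""
    dest = tempfile.mkdtemp(prefix="securezip_")
    safe_extract(archive_bytes, dest)
    return sorted(os.listdir(dest))
```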

Infrastructure: Python / Flask Web Application (ZIP File Upload & Extraction Service)
Provided Files: SecureZip.tar.gz
Flag Format: Flag{}

Job Positions

Application Security Engineer

Tags

Input Validation, Code Review, OWASP Top 10, Command Injection Prevention, Input Filtering