WebZip

Difficulty: Medium
Category: Web Security

Overview

Scenario
A web service allows users to upload ZIP archives, which are automatically extracted on the server and displayed in a file listing interface. Each extracted file is rendered with a download link. The system is intended to safely preview user-uploaded archives, but improper handling of symbolic links during extraction introduces a critical vulnerability.

An attacker previously exploited this service and successfully accessed /flag.txt. Your task is to understand how this was achieved and reproduce the attack.

Objective
Analyze the ZIP upload and extraction mechanism to identify insecure handling of symbolic links. Exploit ZIP symlink behavior to achieve local file read (LFI) and retrieve the contents of /flag.txt.
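As an added example (not code from the challenge or its service), this is the server-side audit that closes the hole described above: before any extractor runs, every ZIP entry is checked for Unix symlink mode bits and for names that climb out of the extraction root, and archives with either are rejected. Python's own zipfile never recreates links (it writes the link target as plain file data), so the danger comes from extractors such as unzip that do; the archive builder is a constructed test input, and all function names are my own.

```python
import io
import posixpath
import stat
import zipfile


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    # The Unix mode lives in the upper 16 bits of external_attr; S_IFLNK marks a symlink.
    return stat.S_ISLNK((info.external_attr >> 16) & 0xFFFF)


def is_traversal(name: str) -> bool:
    # Absolute names or names that climb above the extraction root are rejected.
    norm = posixpath.normpath(name)
    return name.startswith("/") or norm == ".." or norm.startswith("../")


def audit_archive(data: bytes) -> list:
    """Return the reasons to reject the archive; an empty list means it is safe to extract."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if is_symlink_entry(info):
                # A symlink entry's body is its target path; record it for the audit log.
                target = zf.read(info).decode("utf-8", "replace")
                problems.append(f"{info.filename}: symlink entry (target {target!r})")
            if is_traversal(info.filename):
                problems.append(f"{info.filename}: path escapes extraction root")
    return problems


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only archives that pass the audit; returns the member names written."""
    problems = audit_archive(data)
    if problems:
        raise ValueError("rejected archive: " + "; ".join(problems))
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_sample_archive(with_symlink: bool) -> bytes:
    # Constructed test input: one benign file, optionally plus a symlink entry.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        if with_symlink:
            link = zipfile.ZipInfo("preview.txt")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark entry as a symlink
            zf.writestr(link, "/flag.txt")  # link target from the challenge scenario
    return buf.getvalue()
```

Run the audit on upload and log the rejection reasons; the same check also catches the classic "../" zip-slip names, which the tags below list as directory traversal.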

Infrastructure: Web Application with ZIP Upload and Extraction Feature
Provided Files: None (Live Web Service)
Tools: Browser, zip CLI
Flag Format: Flag{}

Job Positions

Penetration Tester

Tags

LFR, Unrestricted File Upload, Input Validation, OWASP Top 10, Directory Traversal