File: Schizophrenia.zip ... Page

An attacker can hide a "path traversal" payload (like ../../tmp/malware) that only the Extractor sees, effectively slipping it past the security check.

Why It’s a Problem for Developers

This technique is often used to bypass security filters, such as a scanner that "sees" a safe text file while an extraction tool "sees" and executes a malicious script.

Never trust a pre-extraction check. You must validate the destination path of every file at the exact moment it is being written to the disk.

You can find detailed breakdowns of these attacks on security blogs like iSEC's Disguises Zip Past Path Traversal or Slideshare's Schizophrenic Files V2.

If the "Checker" and the "Extractor" use different libraries (like ZipFile vs ZipInputStream in Java), they might interpret the ZIP's internal headers differently.
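An added example in Python, not from the original page: `name_mismatches` compares the name in each entry's central directory record with the name in its local file header (the two views a Checker and an Extractor can disagree on), and `safe_target` validates the resolved destination at write time. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import struct
import zipfile

LOCAL_SIG = 0x04034B50  # local file header signature "PK\x03\x04"

def name_mismatches(data):
    """Return (central_name, local_name) for entries whose two headers disagree."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # names as the central directory gives them
            off = info.header_offset
            sig, _ver, flags = struct.unpack_from("<IHH", data, off)
            if sig != LOCAL_SIG:
                raise ValueError(f"no local file header at offset {off}")
            (name_len,) = struct.unpack_from("<H", data, off + 26)
            raw = data[off + 30 : off + 30 + name_len]
            local = raw.decode("utf-8" if flags & 0x800 else "cp437", "replace")
            if local != info.orig_filename:
                bad.append((info.orig_filename, local))
    return bad

def safe_target(dest_root, member_name):
    """Resolve the path that is about to be written; refuse anything outside dest_root."""
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, member_name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"entry escapes extraction root: {member_name!r}")
    return target

def constructed_sample():
    """Constructed fixture: one stored entry whose local header name was overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/readme1.txt", "hello")
    data = bytearray(buf.getvalue())
    # The first local header starts at offset 0, so its name begins at byte 30.
    data[30:47] = b"../../tmp/malware"  # same length as the central directory name
    return bytes(data)

if __name__ == "__main__":
    for central, local in name_mismatches(constructed_sample()):
        print(f"central directory says {central!r}, local header says {local!r}")
```

Call `safe_target` with the name the extracting code itself read, immediately before opening the output file, so the check and the write cannot disagree.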
