Yes I’ve read forums that says Forward Slash (/) is invalid character in a file name since it being File Separator in Windows and *nix based machines. But Without creating such an exploit file, I think attacks like ZipSlip won’t be possible, Isn’t it?
Most Zip Slip attacks involve creating an File with a slash character and when languages like Java use File IO with ZipEntry name, writes to some directory other than intended. So how is this possible?
Ref : https://snyk.io/research/zip-slip-vulnerability