Does it include automated tool integration?

Yes, it provides guidance and command-line examples for using popular security tools like Burp Suite, ffuf, and wfuzz with specific traversal wordlists.

Can this skill help prevent vulnerabilities?

Absolutely, it includes a dedicated phase for remediation measures, providing secure coding examples in PHP and Python to validate and sanitize file paths.

Can it help escalate LFI to RCE?

Yes, the skill covers advanced techniques like log poisoning, proc/self/environ injection, and PHP wrapper exploitation to move from file reading to remote code execution.

Does it cover both Linux and Windows environments?

Yes, the skill includes specific target file paths and traversal patterns for both Linux and Windows operating systems.

What is the primary purpose of this skill?

It provides a comprehensive methodology for identifying and testing file path traversal vulnerabilities that could allow unauthorized access to server files.

File Path Traversal Testing

Name: File Path Traversal Testing
Author: claudiodearaujo

byclaudiodearaujo

Seguridad y Pruebas

Identifies and exploits directory traversal and local file inclusion (LFI) vulnerabilities through comprehensive testing methodologies and bypass techniques.

Acerca de

This skill provides a structured, step-by-step approach to security auditing for file path traversal vulnerabilities. It guides users through mapping vulnerable parameters, applying advanced bypass techniques—such as double encoding and null byte injection—and identifying high-value system files on both Linux and Windows platforms. Beyond discovery, the skill assists in assessing impact through LFI-to-RCE escalation techniques and provides production-ready remediation guidance to secure file system APIs against unauthorized access.

Características Principales

0 GitHub stars
Secure coding templates for PHP and Python remediation
Detailed workflows for log poisoning and PHP wrapper exploitation
Targeted wordlists for sensitive Linux and Windows system files
Automated identification of vulnerable file-handling parameters
Comprehensive bypass library for filters, extensions, and base-path validation

Casos de Uso

Auditing legacy source code for improper filesystem input validation
Performing penetration tests on web applications with file download or inclusion features
Learning advanced exploitation and bypass techniques for security research and education

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill

GitHub