File Path Traversal Security Testing

概要

This skill provides a structured methodology for detecting and exploiting file path traversal vulnerabilities in web applications. It guides users through identifying vulnerable parameters, applying various bypass techniques—such as URL encoding, double encoding, and null bytes—and escalating vulnerabilities from Local File Inclusion (LFI) to Remote Code Execution (RCE). It serves as a comprehensive resource for security audits, providing detailed target file lists for Linux and Windows environments alongside essential remediation guidance to help developers secure filesystem APIs.

主な機能

• Secure coding recommendations and remediation patterns for developers
• Automated testing strategies for tools like Burp Suite and ffuf
• Advanced bypass techniques for filters, blacklists, and validation
• 0 GitHub stars
• Step-by-step LFI to RCE escalation workflows including log poisoning
• Comprehensive Linux and Windows filesystem target checklists

ユースケース

• Performing a security audit on web applications that handle dynamic file loading
• Validating the effectiveness of input sanitization filters against directory traversal
• Training developers and security researchers on LFI exploitation and prevention