Can this skill help with vulnerability remediation?

Yes, it provides specific secure coding examples in PHP and Python, demonstrating techniques like path canonicalization and whitelist validation to prevent attacks.

Which tools are recommended to use alongside this skill?

The skill is designed to complement industry-standard tools such as Burp Suite, OWASP ZAP, cURL, and fuzzing utilities like ffuf or wfuzz.

What is file path traversal testing?

It is a security testing process used to identify vulnerabilities that allow an attacker to read or access files on a server outside of the intended web directory by manipulating file paths.

Does it include payloads for Windows systems?

Yes, the skill contains specific target file lists and traversal sequences optimized for both Linux and Windows environments, including access to win.ini and system32 files.

How does it handle Web Application Firewall (WAF) bypasses?

It includes advanced techniques like double URL encoding, overlong UTF-8 sequences, and nested traversal patterns (e.g., ....//) designed to bypass simple pattern-matching filters.

File Path Traversal Testing

Name: File Path Traversal Testing
Author: boisenoise

byboisenoise

0•

보안 및 테스팅

Identifies and tests directory traversal and Local File Inclusion (LFI) vulnerabilities to secure web application filesystems.

This skill provides a comprehensive framework for security professionals and developers to detect, test, and remediate file path traversal vulnerabilities. It guides users through the entire testing lifecycle—from identifying vulnerable parameters like ?file= or ?path= to employing advanced bypass techniques such as double encoding, null byte injection, and PHP wrapper exploitation. By utilizing standardized Linux and Windows target file lists, the skill helps evaluate the impact of unauthorized file access and provides actionable remediation guidance, including secure coding patterns for PHP and Python to prevent directory traversal at the source.

주요 기능

01Secure coding remediation templates for PHP and Python environments

02Automated identification of common file-handling parameters and vulnerable endpoints

03LFI to RCE escalation techniques using log poisoning and PHP wrappers

04Advanced bypass strategies for WAFs, blacklists, and extension validation filters

050 GitHub stars

06Extensive payload library for Linux and Windows filesystem traversal sequences

사용 사례

01Performing security audits and penetration tests on web application file handlers

02Assessing the potential impact of misconfigured web servers and directory permissions

03Validating input sanitization and path validation logic in backend APIs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add boisenoise/skills-collections antigravity-file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill