Does this support both Linux and Windows environments?

Absolutely. The skill provides specific target file paths and traversal patterns optimized for both Linux (e.g., /etc/passwd) and Windows (e.g., win.ini) filesystems.

What is a file path traversal vulnerability?

It is a security flaw where an application uses user input to construct a file path without proper validation, allowing attackers to access files and directories outside the intended web root.

What tools are recommended for use with this skill?

The skill guides you in using professional security tools such as Burp Suite, OWASP ZAP, cURL, ffuf, and wfuzz for automated and manual testing.

Can this skill help me fix vulnerabilities?

Yes, it includes a dedicated prevention section offering secure coding examples in PHP and Python using path canonicalization, validation, and whitelisting.

How does it handle filter bypasses?

It provides methodologies for bypassing filters using URL encoding, double encoding, null byte injection, and nested traversal sequences like '....//'.

File Path Traversal Security Testing

Name: File Path Traversal Security Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Provides a comprehensive framework for identifying, testing, and remediating directory traversal and Local File Inclusion (LFI) vulnerabilities in web applications.

This skill equips Claude with a structured methodology for security professionals and developers to detect file path traversal vulnerabilities. It covers everything from mapping vulnerable parameters and executing basic payloads to advanced bypass techniques for filters, null byte injections, and encoding variations. By guiding users through both manual and automated testing using tools like Burp Suite or ffuf, and offering remediation strategies like path canonicalization and whitelisting, it ensures a robust approach to securing filesystem access in modern web environments.

主要功能

01Identification of vulnerable file-handling parameters and web endpoints

02Secure coding recommendations and remediation patterns for multiple languages

03Platform-specific target file lists for both Linux and Windows systems

040 GitHub stars

05Step-by-step guides for LFI to RCE escalation via log poisoning and PHP wrappers

06Advanced bypass techniques for filters, encoding, and extension validation

使用场景

01Implementing secure file-handling logic during the software development lifecycle

02Conducting security audits to identify unauthorized file access risks

03Testing web application firewalls (WAF) against sophisticated traversal payloads

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill