
File Path Traversal Testing

Medium risk 📁 File system access ⚙ External commands 🌐 Network access

Test for Path Traversal Vulnerabilities

Web applications often have vulnerabilities that allow attackers to read arbitrary files through path traversal attacks. This skill provides comprehensive testing methodologies to identify and document these security gaps during authorized penetration testing.

Supports: Claude Code (CC), Codex
⚠ 66 Poor

1. Download the skill ZIP
2. Import into Claude: go to Settings → Capabilities → Skills → Import a skill
3. Enable it and start using it

Test

Using "File Path Traversal Testing": Test the endpoint /image?filename= for path traversal vulnerabilities

Expected result:

Identified traversal point. Test payloads: ../../../etc/passwd returns system user list, confirming vulnerability. Impact: Can read application configuration files and potentially credentials.

Using "File Path Traversal Testing": Application strips ../ from input. What bypass techniques work?

Expected result:

Try nested traversal: ....// becomes ../ after stripping. Try URL encoding: %2e%2e%2f. Try mixed separators: ..\..\/..\. Test double encoding: %252e%252e%252f.

Security audit

Medium risk
v1 • 2/24/2026

This skill contains educational content about path traversal vulnerability testing. Static analysis detected 246 patterns related to path traversal, external commands, and network access - these are documented attack payloads and testing examples for authorized security testing, not executable malicious code. The skill includes prevention measures and secure coding guidance. Recommended for publication with appropriate usage warnings about authorized testing only.

1 file analyzed
487 lines analyzed
3 findings
1 audit in total

Risk factors

📁 File system access (3)
⚙ External commands (3)
🌐 Network access (2)
Audited by: claude

Quality score

Architecture: 38
Maintainability: 100
Content: 87
Community: 50
Security: 65
Specification compliance: 74

What you can build

Penetration Testing Engagement

Security professionals testing client web applications for path traversal vulnerabilities during authorized assessments.

Developer Security Training

Development teams learning about path traversal vulnerabilities to write more secure code and understand attack vectors.

Bug Bounty Research

Bug bounty hunters systematically testing web applications for file inclusion vulnerabilities within program scope.

Try these prompts

Basic Traversal Testing

I need to test a web application for path traversal vulnerabilities. The application has a file download feature at /download?file=. Help me identify test payloads and a systematic testing approach.

Encoded Payload Generation

Generate a list of URL-encoded and double-encoded path traversal payloads to bypass input validation filters. Include both Linux and Windows style paths.

LFI to RCE Assessment

I found a potential LFI vulnerability. Explain the techniques for escalating from local file inclusion to remote code execution, including log poisoning and PHP wrapper exploitation.

Remediation Review

Review this code snippet for path traversal vulnerabilities and provide specific remediation recommendations with secure code examples.

Best practices

  • Always obtain written authorization before testing any system you do not own
  • Document all findings with evidence including request/response pairs and screenshots
  • Test in staging environments before production when possible to minimize risk
  • Follow responsible disclosure practices when reporting vulnerabilities

Avoid

  • Never access or exfiltrate sensitive personal data during authorized testing
  • Do not attempt exploitation beyond what is necessary to prove vulnerability
  • Avoid testing production systems without explicit scope approval
  • Do not use automated tools without understanding their impact on target systems

Frequently asked questions

Is this skill legal to use?
This skill is for authorized security testing only. You must have explicit written permission from the system owner before testing. Unauthorized testing is illegal in most jurisdictions.
What is the difference between LFI and path traversal?
Path traversal is the technique of using ../ sequences to escape intended directories. LFI (Local File Inclusion) is the vulnerability class that allows including local files, often via path traversal.
Why can't I read /etc/shadow on the target?
/etc/shadow is readable only by root. If the web application runs as an unprivileged user, it cannot read files that user lacks permission for, so a failed read of /etc/shadow is expected behaviour rather than a sign that the traversal did not work.
What tools does this skill work with?
This skill provides guidance that works alongside tools like Burp Suite, OWASP ZAP, curl, ffuf, and wfuzz for comprehensive path traversal testing.
How do I know if my test was successful?
Look for response content differences, HTTP status code changes, or recognizable file content like /etc/passwd entries. Blind traversal may require time-based or error-based detection.
Can this skill prevent path traversal vulnerabilities?
This skill includes secure coding guidance showing how to prevent path traversal through input validation, path canonicalization, and whitelist approaches.

Developer details

File structure

📄 SKILL.md