path-traversal-lfi
CommunityMaster path traversal and LFI assessments.
Software Engineering#web-security#rce#lfi#security-assessment#path-traversal#exploit-chain#php-wrapper
AuthorYliken
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Path traversal and Local File Inclusion (LFI) exploitation playbook for expert security testing. It covers encoding bypass sequences, PHP wrappers, and RCE escalation paths to demonstrate and validate filesystem exposure in web applications.
Core Features & Use Cases
- Enumerates traversal variants (URL encoding, double encoding, overlong UTF-8) to bypass filters and access sensitive files.
- Demonstrates LFI-to-RCE techniques via log poisoning, PHP wrappers (php://input, data://, phar/zip), and php://filter chains.
- Provides guidance for testing across Linux and Windows targets, with guardrails and safe-practice scenarios.
Quick Start
Test path traversal and LFI vectors in a target application by chaining common wrappers and encoding techniques to reveal sensitive files.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: path-traversal-lfi Download link: https://github.com/Yliken/ai4/archive/main.zip#path-traversal-lfi Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.