upload-insecure-files
Official
Test insecure file upload workflows end-to-end.
Software Engineering #vulnerability #parsing #upload #rce #security-testing #validation-bypass #storage-abuse
Author: yaklang
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Insecure file upload features create risk when validation, storage, and processing boundaries are misconfigured; this Skill helps testers identify and chain upload vulnerabilities from acceptance to processing and serving, including real-world scenarios and parsing pipelines referenced by SCENARIOS.md.
Core Features & Use Cases
- Validation bypass testing across extension handling, MIME types, and content-based checks
- Storage-path abuse and overwrite risks across multi-tenant or shared storage setups
- Processing-chain evaluation for parsing, conversion, scanning, and rendering
- Real-world use cases include CVE patterns like WebLogic, Tomcat, and Flink file upload chains, plus end-to-end upload-to-RCE scenarios
Use Case: Simulate an upload flow in a multi-tenant web app to identify where defenses fail and how compromises propagate.
Quick Start
Run an end-to-end upload test using the companion SCENARIOS.md to validate accept, store, process, and serve stages.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: upload-insecure-files Download link: https://github.com/yaklang/hack-skills/archive/main.zip#upload-insecure-files Please download this .zip file, extract it, and install it in the .claude/skills/ directory.