with one click
strix
Strix 路径穿越与文件包含测试手册,覆盖本地/远程文件访问与代码执行链;触发名:strix-path-traversal-lfi-rfi
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Strix 路径穿越与文件包含测试手册,覆盖本地/远程文件访问与代码执行链;触发名:strix-path-traversal-lfi-rfi
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
| name | Strix•路径穿越与文件包含 |
| description | Strix 路径穿越与文件包含测试手册,覆盖本地/远程文件访问与代码执行链;触发名:strix-path-traversal-lfi-rfi |
Improper file path handling and dynamic inclusion enable sensitive file disclosure, config/source leakage, SSRF pivots, and code execution. Treat all user-influenced paths, names, and schemes as untrusted; normalize and bind them to an allowlist or eliminate user control entirely.
Path Traversal
../, encoding, normalization gapsLocal File Inclusion (LFI)
Remote File Inclusion (RFI)
Archive Extraction
Normalization Mismatches
Unix
/etc/passwd, /etc/hosts, application .env/config.yamlWindows
C:\Windows\win.ini, IIS/web.config, programdata configs, application logsApplication
file, path, template, include, page, view, download, export, report, log, dir, theme, lang../../etc/hosts and C:\Windows\win.ini%2e%2e%2f, %252e%252e%252f, ..%2f, ..%5c, mixed UTF-8 (%c0%2e), Unicode dots and slashes..../, ..\\, ././, trailing dot/double dot segments; repeated decoding/etc/passwd, C:\Windows\System32\drivers\etc\hosts/static/..;/../etc/passwd ("..;"), encoded slashes (%2F), double-decoding via upstreaminclude() warnings with real filesystem locationsEncodings
Mixed Separators
/ and \\ on Windows; // and \\\\ collapse differences across frameworksDot Tricks
....// (double dot folding), trailing dots (Windows), trailing slashes, appended valid extensionAbsolute Path Injection
Alias/Root Mismatch
../ to escape/static/../etc/passwd and ";" variants (..;)Upstream vs Backend Decoding
%2f differently; test double-decoding and encoded dotsPHP Wrappers
php://filter/convert.base64-encode/resource=index.php (read source)zip://archive.zip#file.txtdata://text/plain;base64expect:// (if enabled)Log/Session Poisoning
Upload Temp Names
Proc and Caches
/proc/self/environ and framework-specific caches for readable secretsLegacy Tricks
%00) truncation in older stacks; path length truncationRequirements
allow_url_include/allow_url_fopen in PHP)Protocol Handlers
Exploitation
../ or absolute paths escape target extract directory/etc/hosts) with a same-endpoint in-root controlphp://filter base64 of index.php)../ entries and show write outside target (e.g., marker file read back)%2f and %2e encodingsphp://filter base64 probes over destructive payloads; enumerate readable logs and sessions../ chainsEliminate user-controlled paths where possible. Otherwise, resolve to canonical paths and enforce allowlists, forbid remote schemes, and lock down interpreters and extractors. Normalize consistently at the boundary closest to IO.
面向中文用户和新手的统一入口,保持原有两种模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想先理清题意、又不想自己先判断何时该切到工具链或漏洞专项的场景;触发名:ctf-beginner-hub
面向 CTF 新手与综合题的统一总控 skill。保持原有两种主模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想边做边学、又不想自己先判断何时切换到工具链或漏洞专项的场景;触发名:ctf-super-hub
Strix JWT 与 OIDC 安全测试手册,覆盖令牌伪造、算法混淆与声明篡改;触发名:strix-authentication-jwt
给中文用户和新手用的 Strix Lite 统一入口:先判断该用哪一个 strix-* 工具或漏洞测试 skill,再给最小化起手步骤;适合在 Web 安全测试、工具链使用、漏洞验证时不知道先用哪个 Strix skill 的场景;触发名:strix-beginner-hub
Strix 功能级授权缺陷测试手册,覆盖操作级权限失效、管理功能越权与 API 操作绕过;触发名:strix-broken-function-level-authorization
Strix 业务逻辑漏洞测试手册,覆盖流程绕过、状态操控与领域约束破坏;触发名:strix-business-logic