Use when performing penetration testing targeting path traversal and file inclusion vulnerabilities. Keywords: path traversal, directory traversal, LFI, RFI, file read, file write, dot-dot-slash, null byte, symlink attack, zip slip
Installation
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Case 1: IBM — Path Traversal Vulnerability found on IBM Cloud
严重度: Critical | CWE: Path Traversal
摘要: The path traversal vulnerability on IBM Cloud was reported by an external researcher, analyzed, and remediated. The vulnerability has been addressed.
Case 2: Basecamp — Arbitrary write in the application's data folder and arbitrary read of server's replies from 3rd party apps.
严重度: High | CWE: Path Traversal
摘要: A path traversal vulnerability was found in the Android app com.basecamp.bc3 version 3.26.3, allowing an attacker to write arbitrary files in the app's private directory. Additionally, the attacke...
Case 3: ExpressionEngine — Non-authenticated path traversal leading to arbitrary file read
严重度: High | CWE: Path Traversal
摘要: Non-authenticated path traversal leading to arbitrary file read. Insufficient user input filtering resulted in arbitrary file read by non-authenticated attacker, leading to sensitive information discl...
Case 4: Internet Bug Bounty — Path traversal by monkey-patching Buffer internals
严重度: High | CWE: Path Traversal
摘要: In Node.js 20 and 21, a path traversal vulnerability was introduced due to the ability to monkey-patch Buffer internals. By overwriting Buffer.prototype.utf8Write, an attacker could bypass the path re...
Case 5: Internet Bug Bounty — Path traversal through path stored in Uint8Array in Node.js 20
严重度: High | CWE: Path Traversal
摘要: A path traversal vulnerability was discovered in Node.js 20 through paths stored in Uint8Array objects. The vulnerability allowed bypassing path sanitization protections and reading arbitrary files ou...
Case 6: Internet Bug Bounty — Permission model improperly protects against path traversal in Node.js 20
严重度: High | CWE: Path Traversal
摘要: A path traversal vulnerability was introduced in Node.js 20 due to insufficient patching of CVE-2023-30584. The vulnerability arises because the permission model implementation does not protect itself...
Case 7: Internet Bug Bounty — (CVE-2023-32004) Permission model bypass by specifying a path traversal sequence in a Buffer
严重度: High | CWE: Path Traversal
摘要: A vulnerability was discovered in Node.js version 20, specifically within the experimental permission model. It allowed for a bypass of the permission model by specifying a path traversal sequence in ...
Case 8: Mozilla — Mozilla VPN Clients: RCE via file write and path traversal
严重度: High | CWE: Path Traversal
摘要: The report describes a path traversal vulnerability in the Mozilla VPN client software that allowed for remote code execution. The vulnerability was found in the "live_reload" command of the client's ...
Case 9: Node.js — Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()
严重度: High | CWE: Path Traversal
摘要: An incomplete fix has been identified for a vulnerability affecting Windows device names in the path.normalize() function in Node.js. The vulnerability allows path traversal protection to be bypasse...
Case 10: Node.js — Path traversal by monkey-patching Buffer internals
严重度: High | CWE: Path Traversal
摘要: A path traversal vulnerability was introduced in the experimental permission model in Node.js 20 and 21 by monkey-patching Buffer internals. This allowed modification of the result of path.resolve(), ...