원클릭으로
strix
Strix 路径穿越与文件包含测试手册,覆盖本地/远程文件访问与代码执行链;触发名:strix-path-traversal-lfi-rfi
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Strix 路径穿越与文件包含测试手册,覆盖本地/远程文件访问与代码执行链;触发名:strix-path-traversal-lfi-rfi
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | Strix•路径穿越与文件包含 |
| description | Strix 路径穿越与文件包含测试手册,覆盖本地/远程文件访问与代码执行链;触发名:strix-path-traversal-lfi-rfi |
Improper file path handling and dynamic inclusion enable sensitive file disclosure, config/source leakage, SSRF pivots, and code execution. Treat all user-influenced paths, names, and schemes as untrusted; normalize and bind them to an allowlist or eliminate user control entirely.
Path Traversal
../, encoding, normalization gapsLocal File Inclusion (LFI)
Remote File Inclusion (RFI)
Archive Extraction
Normalization Mismatches
Unix
/etc/passwd, /etc/hosts, application .env/config.yamlWindows
C:\Windows\win.ini, IIS/web.config, programdata configs, application logsApplication
file, path, template, include, page, view, download, export, report, log, dir, theme, lang../../etc/hosts and C:\Windows\win.ini%2e%2e%2f, %252e%252e%252f, ..%2f, ..%5c, mixed UTF-8 (%c0%2e), Unicode dots and slashes..../, ..\\, ././, trailing dot/double dot segments; repeated decoding/etc/passwd, C:\Windows\System32\drivers\etc\hosts/static/..;/../etc/passwd ("..;"), encoded slashes (%2F), double-decoding via upstreaminclude() warnings with real filesystem locationsEncodings
Mixed Separators
/ and \\ on Windows; // and \\\\ collapse differences across frameworksDot Tricks
....// (double dot folding), trailing dots (Windows), trailing slashes, appended valid extensionAbsolute Path Injection
Alias/Root Mismatch
../ to escape/static/../etc/passwd and ";" variants (..;)Upstream vs Backend Decoding
%2f differently; test double-decoding and encoded dotsPHP Wrappers
php://filter/convert.base64-encode/resource=index.php (read source)zip://archive.zip#file.txtdata://text/plain;base64expect:// (if enabled)Log/Session Poisoning
Upload Temp Names
Proc and Caches
/proc/self/environ and framework-specific caches for readable secretsLegacy Tricks
%00) truncation in older stacks; path length truncationRequirements
allow_url_include/allow_url_fopen in PHP)Protocol Handlers
Exploitation
../ or absolute paths escape target extract directory/etc/hosts) with a same-endpoint in-root controlphp://filter base64 of index.php)../ entries and show write outside target (e.g., marker file read back)%2f and %2e encodingsphp://filter base64 probes over destructive payloads; enumerate readable logs and sessions../ chainsEliminate user-controlled paths where possible. Otherwise, resolve to canonical paths and enforce allowlists, forbid remote schemes, and lock down interpreters and extractors. Normalize consistently at the boundary closest to IO.
面向中文用户和新手的统一入口,保持原有两种模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想先理清题意、又不想自己先判断何时该切到工具链或漏洞专项的场景;触发名:ctf-beginner-hub
面向 CTF 新手与综合题的统一总控 skill。保持原有两种主模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想边做边学、又不想自己先判断何时切换到工具链或漏洞专项的场景;触发名:ctf-super-hub
Strix JWT 与 OIDC 安全测试手册,覆盖令牌伪造、算法混淆与声明篡改;触发名:strix-authentication-jwt
给中文用户和新手用的 Strix Lite 统一入口:先判断该用哪一个 strix-* 工具或漏洞测试 skill,再给最小化起手步骤;适合在 Web 安全测试、工具链使用、漏洞验证时不知道先用哪个 Strix skill 的场景;触发名:strix-beginner-hub
Strix 功能级授权缺陷测试手册,覆盖操作级权限失效、管理功能越权与 API 操作绕过;触发名:strix-broken-function-level-authorization
Strix 业务逻辑漏洞测试手册,覆盖流程绕过、状态操控与领域约束破坏;触发名:strix-business-logic