Skip to main content
在 Manus 中运行任何 Skill
一键导入

path-traversal-and-file-inclusion

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for path traversal and file inclusion (CWE-22, CWE-98, CWE-73), including ../ traversal, absolute-path override, encoded/ double-encoded/Unicode/null-byte bypasses, LFI→RCE via PHP wrappers and log poisoning, RFI, zip slip, symlink following, and unconfined sendFile. Use when reviewing code that opens, serves, includes, or extracts a file whose path is influenced by input. Writes findings to findings/25-path-traversal-and-file-inclusion.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly