path-traversal-lfi

SKILL.md

SKILL: Path Traversal / Local File Inclusion (LFI) — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert path traversal and LFI techniques. Covers encoding bypass sequences, OS differences, filter bypass, PHP wrapper exploitation, log poisoning to RCE, and the critical distinction between path traversal (read only) vs LFI (execution). Base models miss encoding chains and RCE escalation paths.

0. RELATED ROUTING

Before deep exploitation, you can first load:

upload insecure files when the primary attack surface is an upload workflow rather than an include or read primitive

ghost-bits-cast-attack when the target is a Java backend (Spring, Jetty, Undertow, Vert.x) and standard ../, %2e%2e, %252e chains are WAF-blocked — Ghost Bits substitutes . with 阮 (U+962E) and / with 阯 (U+962F), re-enabling traversal through Spring CVE-2025-41242 and Jetty %2> hex-folding

First-pass traversal chains