文件访问与上传漏洞路由

v20260506

file-access-vuln

这是一个用于系统性测试文件访问、下载端点和文件上传流程的路由指南。适用于验证文件路径、检测本地文件包含（LFI），或分析文件预览、存储和提取流程中的漏洞。可帮助确定漏洞是路径遍历问题还是数据处理链问题。

文件访问文件上传漏洞路径遍历 LFI 下载存储

248 次下载

概览

File Access Router

This is the routing entry point for filesystem paths, download endpoints, upload pipelines, and file preview handling.

Parameters, filenames, download endpoints, or import flows influence file paths
The target supports upload, preview, transcoding, extraction, sharing, download, or proxied file access
You need to decide whether this is path traversal/LFI or an upload-validation/processing-chain issue

Path Traversal LFI: path traversal, file read, wrapper abuse, include chains
Upload Insecure Files: upload validation, storage paths, processing chains, overwrite risk, preview/share boundaries

First identify whether the entry point is a path parameter, download endpoint, or upload workflow
Then locate whether the issue appears in accept, store, process, or serve stages
Small path-chain and upload-bypass samples are merged into the main topic skills; no separate payload entry is needed

信息

Category 编程开发

Name file-access-vuln

版本 v20260506

大小 1.44KB

Source yaklang/hack-skills

更新时间 2026-05-08