file-upload-bypass
OfficialBypass file upload restrictions for RCE.
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers bypass file upload restrictions on web applications to achieve code execution or other impacts on the target server.
Core Features & Use Cases
- Bypass Various Validations: Circumvents extension checks, content-type validation, magic byte inspection, and server-side processing.
- Exploit Server Configurations: Leverages
.htaccess,web.config, and other server-specific files to enable malicious file execution. - Archive Exploitation: Utilizes ZIP path traversal and null byte filename truncation to plant webshells.
- Use Case: You've identified a file upload endpoint on a target web server. Use this Skill to test and exploit various bypass techniques to upload a webshell and gain command execution.
Quick Start
Use the file-upload-bypass skill to attempt bypassing file upload restrictions on the target URL 'http://example.com/upload'.
Dependency Matrix
Required Modules
exiftoolffuf
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: file-upload-bypass Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#file-upload-bypass Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.