This extension provides a customizable payload generator, suitable for detecting a variety of file path vulnerabilities in file upload and download functionality:
- File upload vulnerable to path traversal with the upload directory located inside the document root.
- File upload vulnerable to path traversal with the upload directory outside the document root.
- File upload not vulnerable to path traversal, but with the upload directory inside the document root and no direct links to the uploaded file exposed by the application.
- Local file inclusion/arbitrary file read vulnerable to path traversal where non-recursive filters are in place.
|Author|Julian Horoszkiewicz, Pentest Ltd.|
|Last updated|28 June 2018|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.