<< All versions
Skill v1.0.1
currentAutomated scan100/100transilienceai/communitytools/server-side
+2 new
──Details
PublishedJune 6, 2026 at 05:30 PM
Content Hashsha256:e93a6032bc4ad07d...
Git SHA0f06ed314493
Bump Typepatch
──Files
Files (1 file, 1.9 KB)
SKILL.md1.9 KBactive
SKILL.md · 40 lines · 1.9 KB
version: "1.0.1" name: server-side description: Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.
Server-Side
Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.
Techniques
| Type | Key Vectors | |
|---|---|---|
| SSRF | Internal service access, cloud metadata, protocol smuggling | |
| HTTP Smuggling | CL.TE, TE.CL, TE.TE, CL.0, H2.CL, h2c, multi-layer proxy chains, connection pooling desync | |
| Path Traversal | Directory traversal, null bytes, encoding bypass | |
| File Upload | Extension bypass, content-type manipulation, polyglot files | |
| Deserialization | Java, PHP, Python, .NET gadget chains | |
| Host Header | Password reset poisoning, cache poisoning, routing-based SSRF | |
| CUPS / cups-browsed | CVE-2024-47076/47175/47176/47177 — UDP browse → IPP injection → PPD injection → foomatic-rip RCE (see skills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md) |
Workflow
- Identify server-side processing points
- Test for vulnerability class indicators
- Bypass protections (WAF, allowlists, encoding filters)
- Demonstrate impact (file read, RCE, internal access)
- Capture evidence with PoC
Reference
reference/scenarios/ssrf/*.md- SSRF techniques and labsreference/http-request-smuggling*.md- Smuggling techniquesreference/scenarios/path-traversal/*.md- Path traversal bypass methodsreference/file-upload*.md- File upload exploitationreference/insecure-deserialization*.md- Deserialization attacksreference/http-host-header*.md- Host header injectionskills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md- CUPS RCE chain (CVE-2024-47076/175/176/177); ipptool false positives vs libcups runtime parser; ippserver Python lib version-1.1 hardcode bug