Parameter Fuzzing

Using what you learned in this section, run a parameter fuzzing scan on this page. What is the parameter accepted by this webpage?

First of all, edit the /etc/hosts file and add the admin.academy.htb VHost. Otherwise you'll get stuck forever in this exercise.

Let's make sure we add the option -fs 798 at the end, which tells ffuf to filter out responses with a size of 798, to avoid an output like this:

Let's gather what we learned in this lesson and use the following command:

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u 'http://admin.academy.htb:31472/admin/admin.php?FUZZ=key' -fs 798

And the application responded with the user parameter!
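
Seen from the server side, a scan like the one above leaves a recognizable trace: one client requesting the same path with a different parameter name each time, almost always getting the same response size back. The following is an added example, not part of the original write-up, that flags this pattern in access logs; the log format, the client addresses, the 783 size, the `min_names` threshold and all function names are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Combined-log-style line; this format is an assumption of the example.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} (?P<size>\d+)'
)

def find_param_fuzzing(lines, min_names=5):
    """Flag (client, path) pairs probed with >= min_names distinct
    query-parameter names. min_names is a hypothetical tuning threshold."""
    names = defaultdict(set)
    sizes = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        url = urlsplit(m["target"])
        key = (m["ip"], url.path)
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            names[key].add(name)
            sizes[key][int(m["size"])] += 1
    findings = {}
    for key, seen in names.items():
        if len(seen) >= min_names:
            # Most common size = the default response a scanner hides with -fs.
            baseline, _count = sizes[key].most_common(1)[0]
            findings[key] = {"names": sorted(seen), "baseline_size": baseline}
    return findings

def _line(ip, query, size):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET /admin/admin.php?{query} HTTP/1.1" 200 {size}')

# Constructed sample: one scanning client, one ordinary client, one junk line.
SAMPLE_LOG = (
    [_line("10.10.14.5", f"{n}=key", 798)
     for n in ("id", "page", "file", "token", "debug")]
    + [_line("10.10.14.5", "user=key", 783)]
    + [_line("10.10.14.9", "user=alice", 783)] * 2
    + ["not a log line"]
)

if __name__ == "__main__":
    for (ip, path), info in find_param_fuzzing(SAMPLE_LOG).items():
        print(ip, path, info["names"], "baseline size", info["baseline_size"])
```

On the constructed sample only the first client is flagged; the second client, which uses a single parameter name repeatedly, stays below the threshold.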
