Value Fuzzing

Try to create the 'ids.txt' wordlist, identify the accepted value with a fuzzing scan, and then use it in a 'POST' request with 'curl' to collect the flag. What is the content of the flag?

As suggested, we'll create a custom ids.txt file to fuzz the application

for i in $(seq 1 1000); do echo $i >> ids.txt; done                                                                                                     

We'll then fuzz the application with our custom wordlist with the following command:

After we successfully fuzzed the application, as the image above shows, we found a working id.

Now, all we have to do is send a curl command to see the content of the page:

And we found our flag!