vaule-and-parameter-fuzzing

Fuzz a URL parameter to access a protected page

Get URL key fuzzing

ffuf -w /opt/useful/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://"$domain":PORT/admin/admin.php?FUZZ=key -fs  222

Post data value fuzzing (numbers)

ffuf -X POST -u http://"$domain":58706/admin/admin.php -w num.list -d 'username=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'

Post-Data fuzzing

Key fuzzing

ffuf -u http://"$domain":58706/admin/admin.php -w /usr/share/seclists/Discovery/web-content/burp-parameters.txt -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded'

Value fuzzing

ffuf -u http://"$domain":58706/admin/admin.php -w num.list -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'

Previous2. Server-Side Template Injection (SSTI)Nextxml-rpc-attacks

Last updated 15 hours ago

hashtagFuzz a URL parameter to access a protected page

hashtagGet URL key fuzzing

hashtagPost data value fuzzing (numbers)

hashtagPost-Data fuzzing

hashtagKey fuzzing

hashtagValue fuzzing

Fuzz a URL parameter to access a protected page

Get URL key fuzzing

Post data value fuzzing (numbers)

Post-Data fuzzing

Key fuzzing

Value fuzzing