# vaule-and-parameter-fuzzing

## Fuzz a URL parameter to access a protected page

#### Get URL key fuzzing

```
ffuf -w /opt/useful/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://"$domain":PORT/admin/admin.php?FUZZ=key -fs  222
```

#### Post data value fuzzing (numbers)

```
ffuf -X POST -u http://"$domain":58706/admin/admin.php -w num.list -d 'username=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'
```

***

## Post-Data fuzzing

#### Key fuzzing

```
ffuf -u http://"$domain":58706/admin/admin.php -w /usr/share/seclists/Discovery/web-content/burp-parameters.txt -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded'
```

#### Value fuzzing

```
ffuf -u http://"$domain":58706/admin/admin.php -w num.list -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'
```