I need some help here. I was able to find the parameter. After that I tried the LFI-Jhaddix.txt wordlist but I was not able to find anyting.
ffuf -ic -c -w /usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt -u http://bla.htb:32219/index.php?parameter=FUZZ -fs 1935
I don’t know how to go further.
Hey, it looks like you are on the right track. You are changing the index.php?parameter= to the parameter name you found right?
Feel free to DM me.
-onthesauce
Hello, friends. I’m kind of stuck on this exercise too.
I kind of found an open parameter too.
But when I’m phasing the payload, according to the suggested list of words, I can’t find a single path.
And I already doubt that my parameter is correct.