Value Fuzzing

maheto · September 11, 2024, 9:00pm

can someone help me with this question:
Try to create the ‘ids.txt’ wordlist, identify the accepted value with a fuzzing scan, and then use it in a ‘POST’ request with ‘curl’ to collect the flag. What is the content of the flag?

i have the id, but when I curl with this command:
curl http://admin.academy.htb:54659/admin/admin.php -X POST -d ‘id=73’ -H ‘Content-Type: application/x-www-form-urlencoded’

it tells me that I don’t have access to the flag

b2k · September 12, 2024, 2:45pm

Hi,
don’t know which task you mean but you either:

Should use cookie (if you are able to login)
Bypass the security (exploit, LFI, etc.)

serenity100 · December 6, 2024, 4:53am

curl -X POST -d “id=73” http://admin.academy.htb:30746/admin/admin.php
i just used this command and get the flag

Topic		Replies	Views
WEB FUZZING Skills Assessment Academy noob , academy	2	142	August 28, 2024
Help With Question -> Proxies/ZAP Fuzzer Academy help	27	5152	December 1, 2024
Academy Web Attacks Skills Assesment Academy	44	6521	December 16, 2024
Attacking web applications with ffuf Academy help	10	2451	December 2, 2024
FFUF value/parameter scanning Off-topic academy , ffuf	16	5866	October 12, 2023

Value Fuzzing

Related topics