If you find a page that does nothing, fuzz for hidden parameters.
ffuf -u http://10.10.10.200/api/v1/status?user_id=FUZZ -w numbers.txt -mr 'admin'
HTB machine “FuzzingBox” – IP 10.10.11.150, port 80.
Weaknesses
Fuzzing to find hidden parameters like ?debug=true or ?admin=1 .
If you find a page that does nothing, fuzz for hidden parameters.
ffuf -u http://10.10.10.200/api/v1/status?user_id=FUZZ -w numbers.txt -mr 'admin' htb skills assessment - web fuzzing
HTB machine “FuzzingBox” – IP 10.10.11.150, port 80. If you find a page that does nothing,
Weaknesses
Fuzzing to find hidden parameters like ?debug=true or ?admin=1 . htb skills assessment - web fuzzing