Web Methodology
Test for File inclusion
Check for file inclusion parameters
ffuf -w /home/francis/HTB/SecLists-master/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u 'https://blog.coinhako.com/ghost/api/content?FUZZ=value'
amass enum -d url
Test different Change request methods
Test for LFI/RFI payloads with bypass
Test for XSS
<script>alert(window.origin)</script>
<img src="" onerror=alert(window.origin)>
<script>print()</script>
Last updated