WFUZZ

i need help at WFUZZ fuzzing when you are at authenticated page .

For example i bypassed a login page and after login page i found a post parameter which is vulnerable to sql injection , so how i can use this in this condition ?

Comments

  • Usually, you should have cookies assigned to you that identify you to the webserver. So, you could simply use wfuzz -b cookie=value1 -b cookie2=value2 ... to test with your authenticated session.


    Hack The Box
    GREM | OSCE | GASF | eJPT

Sign In to comment.