-
Just like what I described in https://github.com/jthack/ffufai/issues/3
we can see both the URL and headers parameters are susceptible to RCE. For instance, a custom header could include any system c…
-
The additional techniques described here:
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
Could be applied to iis_shortnames/ffuf_shortnames modules
Thanks @amiremami fo…
-
2024-06-03 09:59:55,308 [INFO] executors.py:612 -- ExecutorID f4e85c-0 - Cleaning temporary data
Encountered a bad command exit code!
Command: '/go/bin/ffuf -u /tmp/infile'
Exit code: 127
St…
-
Keypoints:
- /site: 301 in FFUF/feroxbuster result but actually we can access it
- allow_url_fopen, allow_url_include, LFI, RFI
- [PE]replace exe under backup dir.
-
Keypoints:
- wpscan didn:t give useful info
- FFUF find /filemanager path, access with admin:admin, upload a reverse shell php file and find dora credentails info
- [PE] disk group
-
### keypoints:
- FTP brute-force
`hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt ftp://192.168.243.183`
- [PE] PwnKit Vulnerability (CVE-2021–4034) --…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Current Behavior
In Ubuntu 22.04, both update from 2.1.3 to 2.2.0 AND install by script install.sh got this er…
-
FFUF will transparently fix headers to have the "correct" case, as per the RFC. This makes fuzzing non-RFC compliant servers with FFUF a problem.
This is due to net/http behaviour where headers get…
-
ÿØÿî
JPG fuzz does not work, ffuf is always converting... i can see the results in proxy.... I have to manually send ÿØÿî for the request to be sucessful
fuff converts the magic code to ÿÃÃ…
-
[Ffuf](https://github.com/ffuf/ffuf) is as fuzzing tool written in GoLang. It is very fast and outputs in a myriad of formats. Has a very robust matching system and can also be used for due care testi…