> For the complete documentation index, see [llms.txt](https://www.hackbook.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hackbook.io/reconnaissance/web-server/directory-and-file-enumeration/fuzzing.md).

# Fuzzing

## Fuzzing a directory:

`#`<mark style="color:green;">`wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://10.10.10.194:8080/manager/FUZZ`</mark>

## Fuzzing Params:

### SQLi Param Fuzzing:

Check to see if logic works in params.\
Example: `/room.php?cod=1` and if we do `/room.php?cod=80` we get a page back that does not show a room at all. Then we try something like 3-2 and we get room 1. So we know we can manipulate the sql statement somewhat. At this point to autopwn hop over to [sqlmap](/web-application-hacking/web-techniques/sqli/hacking-sql/sqlmap.md).

#### wfuzz to param fuzz:

`#`<mark style="color:green;">`wfuzz -u http://10.10.10.143/room.php?cod=FUZZ -w /usr/share/seclists/Fuzzing/SQLi/Generic-SQLi.txt`</mark>\
you can then grep for the interesting file lengths using <mark style="color:yellow;">-v</mark> to exclude the errors.

In this case we fuzz special characters to see what get read by the DB.&#x20;

`#`<mark style="color:green;">`wfuzz -u http://10.10.10.143/room.php?cod=1FUZZ -w /usr/share/seclists/Fuzzing/special-chars.txt > sqliSpecialChars.txt`</mark>\
notice that we left the '1' and fuzz behind it to help us see what is hitting and missing. <br>
