Input vector enumeration (a systematic evaluation of each input vector)
Vectors where it can be exploited
Example of path traversal: http://some_site.com.br/../../../../etc/shadow
More examples here: https://owasp.org/www-community/attacks/Path_Traversal
How to find path traversal:
Methodology:
waybackurls http://some_site.com.br/ | gf | grep "file="
waybackurls http://some_site.com.br/ | gf
waybackurls http://some_site.com.br/
Once we have the required parameter, we can move on and use Burp Suite to tamper with or brute-force the parameters, or use ffuf for parameter fuzzing.
ffuf -u url/parameter=FUZZ -w /payload:FUZZ -mc 200,301
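On the defensive side, a `file=` parameter like the ones surfaced above is safe only when the handler checks where the resolved path lands, not what the input string looks like. The following is an added example (not from the original notes) of that containment check in Python; `BASE_DIR`, `resolve_file_param` and the sample values are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/var/www/app/files"  # assumed directory the handler may serve from


def resolve_file_param(raw_value, base_dir=BASE_DIR):
    """Map a raw file= value to a path inside base_dir, or return None to reject."""
    # Decode until stable so double-encoded input (%252e%252e%252f) is judged
    # in the form a later decoding layer would see.
    value = raw_value
    for _ in range(4):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        return None  # still changing after four rounds: refuse

    if "\x00" in value:
        return None  # NUL bytes have no place in a file name
    value = value.replace("\\", "/")  # treat Windows separators as separators
    if value.startswith("/"):
        return None  # absolute paths would make os.path.join discard base_dir

    # realpath collapses ".." and follows symlinks; containment is checked on
    # the resolved path, never on the input string.
    base_real = os.path.realpath(base_dir)
    resolved = os.path.realpath(os.path.join(base_real, value))
    if resolved == base_real or os.path.commonpath([base_real, resolved]) != base_real:
        return None
    return resolved


# Constructed sample inputs, modelled on the traversal example in these notes.
SAMPLES = [
    "reports/q1.pdf",
    "../../../../etc/shadow",
    "%2e%2e%2f%2e%2e%2fetc%2fshadow",
    "%252e%252e%252f%252e%252e%252f%252e%252e%252fetc%252fshadow",
    "/etc/shadow",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:70} -> {resolve_file_param(sample)}")
```

Only the first sample resolves to a path; every other value returns `None`, which the handler should turn into a 400 or 404 response and a log entry.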
Testing methods