Parameter value fuzzing is performed after a working parameter has been found through parameter fuzzing. The objective is to find the value that returns the content needed.
When fuzzing parameter values, a pre-made wordlist that works may not be available, as each parameter expects a certain type of value. For some parameters, such as usernames, the pre-made wordlists of potential usernames in the seclists directory may contain values matching the target's parameter. You can also create your own based on users that may potentially be using the website. In other cases, such as custom parameters used by the target, you may have to develop your own wordlist.
#create a custom wordlist for the 'id' parameter
root@oco:~$ for i in $(seq 1 1000); do echo $i >> ids.txt; done
* when creating a custom wordlist, think of the different formats that can be used.
root@oco:~$ cat ids.txt
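The note above about formats, as an added example that is not part of the original notes: a helper that writes each id in several formats so one wordlist covers them. The function name gen_ids and the chosen formats (zero-padded decimal, lowercase hex) are assumptions about what an 'id' parameter might accept.

```shell
# Added example, not from the original notes.
# gen_ids START END [WIDTH]
#   Prints every id from START to END in three formats:
#     plain decimal        (7)
#     zero-padded decimal  (0007, padded to WIDTH digits, default 4)
#     lowercase hex        (7, a, 1f ...)
#   Duplicate lines are dropped so each value is only sent once.
gen_ids() {
    start=$1
    end=$2
    width=${3:-4}
    for i in $(seq "$start" "$end"); do
        printf '%d\n' "$i"
        printf "%0${width}d\n" "$i"
        printf '%x\n' "$i"
    done | awk '!seen[$0]++'    # keep first occurrence, preserve order
}

# usage: gen_ids 1 1000 > ids.txt
```

Use > rather than >> when regenerating the list, so that a second run does not append a second copy of every value to ids.txt.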
#fuzzing for values
root@oco:~$ ffuf -w ids.txt:FUZZ -u http://{subdomain}.{targetSite.tld}:{port}/{directory}/{page}.{extension} -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'
root@oco:~$ ffuf -w ids.txt:FUZZ -u http://{subdomain}.{targetSite.tld}:{port}/{directory}/{page}.{extension} -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
* this cmd should be similar to the POST cmd used for parameter fuzzing. the only difference is the placement of the FUZZ keyword
root@oco:~$ curl http://{subdomain}.{targetSite.tld}:{port}/{directory}/{page}.{extension} -X POST -d '{id}={value}' -H 'Content-Type: application/x-www-form-urlencoded'
* e.g., curl http://admin.academy.htb:36400/admin/admin.php -X POST -d 'id=73' -H 'Content-Type: application/x-www-form-urlencoded'