How I Got $3300 With Just FFUF!!
While exploring one of the Bitcoin platforms, I found a place to verify accounts by sending documents such as an ID or passport with a selfie.
I decided to upload a picture and send the request through Burp so that I could see where it was uploaded. As I expected, my picture's link came back within the same domain, like this: `https://test.com/portal/api/uploads/241241451252/content`
I changed the last number, which is the `id` of the uploaded image, and I didn't get anything.
I decided to use FFUF.
I made a wordlist of random six-digit numbers and named it num6.txt. Time to fuzz. I used: `ffuf -w num6.txt -u https://test.com/portal/api/uploads/{number}FUZZ/content -mc 200`
And I got files uploaded by users on the site, including IDs and passports, about 3GB in total.
It took me only 10 minutes with a very easy but clever idea. Happy hacking!
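The finding above comes down to an upload endpoint that returns a file to anyone who supplies a valid numeric `id`. As an added example (not code from the original post or from the platform), this Python block shows that lookup beside a hardened one that uses random ids, checks ownership, answers 404 for both missing and foreign files, and throttles repeated misses; `UploadStore`, `MAX_MISSES` and the user names are assumptions made for illustration.

```python
import secrets
from collections import Counter

MAX_MISSES = 20  # assumed threshold; tune to real traffic


class UploadStore:
    """In-memory stand-in for the upload backend (hypothetical names throughout)."""

    def __init__(self):
        self._files = {}          # upload_id -> (owner_id, content)
        self._misses = Counter()  # session user -> failed lookups

    def save(self, owner_id, content):
        # Random 128-bit token, so ids cannot be walked with a number wordlist.
        upload_id = secrets.token_urlsafe(16)
        self._files[upload_id] = (owner_id, content)
        return upload_id

    def fetch_vulnerable(self, upload_id):
        # Behaviour described in the post: a valid id alone returns the file.
        record = self._files.get(upload_id)
        return (200, record[1]) if record else (404, None)

    def fetch(self, session_user, upload_id):
        # Hardened path: authenticate, throttle, then check ownership.
        if session_user is None:
            return (401, None)
        if self._misses[session_user] >= MAX_MISSES:
            return (429, None)  # enumeration-like behaviour: stop serving lookups
        record = self._files.get(upload_id)
        # Same 404 for "does not exist" and "belongs to someone else",
        # so response codes cannot confirm which ids are real.
        if record is None or record[0] != session_user:
            self._misses[session_user] += 1
            return (404, None)
        return (200, record[1])

    def flagged_users(self):
        # Users whose miss count reached the threshold, for alerting.
        return sorted(u for u, n in self._misses.items() if n >= MAX_MISSES)
```

With the hardened `fetch`, a status-code filter such as `-mc 200` only ever matches the caller's own uploads, and the miss counter gives the operations team a signal to alert on.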