Input Parameters

Input parameters are values that a client sends to a website, typically in the URL query string of a GET request or in the body of a POST request, and that the site uses to process the request. Identifying these parameters is crucial in bug bounty hunting, as they can reveal vulnerabilities like SQL injection, XSS, or IDOR. This guide outlines techniques to efficiently discover input parameters using tools like Arjun and custom wordlist generation from web archives.

Enumerating Input Parameters

Arjun probes a URL for parameter names the endpoint accepts; -t sets the number of threads:

arjun -u "$URL" -t 10

Generating Custom Wordlist

The following command searches web archives for URLs belonging to the domain and all of its subdomains, extracts the parameter names (the part before each =), and removes duplicates:

echo "$domain" | gau --subs | unfurl --unique keys
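
To show what the key-extraction step produces, for example when inventorying the parameters your own application has exposed over time, here is an added example that is not part of the original guide. It reimplements that step in awk and runs it over constructed URLs; the function names and the example.com URLs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline stand-in for the `unfurl --unique keys` step.
# Reads one URL per line on stdin and prints each distinct
# query-parameter name once, in first-seen order.
extract_param_keys() {
  awk '
    {
      url = $0
      sub(/#.*/, "", url)              # drop the fragment; it is not a parameter
      q = index(url, "?")
      if (q == 0) next                 # URL has no query string
      n = split(substr(url, q + 1), pairs, "&")
      for (i = 1; i <= n; i++) {
        key = pairs[i]
        sub(/=.*/, "", key)            # keep the name, drop the value
        if (key != "" && !(key in seen)) {
          seen[key] = 1                # de-duplicate across all URLs
          print key
        }
      }
    }'
}

# Constructed sample standing in for archive output (placeholder hosts).
sample_urls() {
  cat <<'EOF'
https://example.com/search?q=shoes&page=2
https://shop.example.com/item?id=17&ref=home#reviews
https://example.com/search?q=hats&sort=price
https://example.com/about
https://api.example.com/v1/users?id=3&debug
EOF
}

# Build the wordlist from the sample; value-less flags such as "debug" count too.
build_wordlist() {
  sample_urls | extract_param_keys
}

build_wordlist
```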
