Web Fuzzing

Introduction to Web Fuzzing

Web fuzzing is used when a site does not link to hidden pages or does not expose anything useful through normal navigation. The technique sends many controlled inputs to an interface to see how the server responds. In some notes, the Spanish verb for fuzzing is translated as borrar, but the actual goal is discovery. When you do this correctly, you can reveal directories, pages, subdomains, and parameters that are not linked anywhere. ...

January 7, 2026 · 7 min

Local File Inclusion LFI

Introduction to LFI

Local File Inclusion (LFI) happens when a web app loads a file based on user input without strict validation. This usually appears in template engines and dynamic page loaders that read content based on a parameter like ?language=es. If the path is not restricted, an attacker can read arbitrary local files such as /etc/passwd, and in some cases LFI can lead to remote code execution. Modern apps often use parameters to reduce duplicate templates and keep routing simple. That pattern becomes dangerous when the parameter controls the file path directly. Testing starts by identifying the parameter and then trying known local files. ...

January 8, 2026 · 7 min