Getting ready

Using OWASP Mutillidae II as our target application, let's manipulate the value of the phpfile parameter to determine whether we can make a call to a direct object reference on the system, such as the /etc/passwd file.
