1
id: fuzz-query-num
2

3
info:
4
  name: Fuzz Query Param For IDOR
5
  author: pdteam
6
  severity: info
7
  description: Query Value Fuzzing using Fuzzing Rules
8

9
http:
10
  - pre-condition:
11
      - type: dsl
12
        dsl:
13
          - 'len(query) > 0'
14
    # below filter is related to integration testing 
15
      - type: word
16
        part: path
17
        words:
18
          - /blog/post
19
    pre-condition-operator: and
20

21
    payloads:
22
      nums:
23
        - 200
24
        - 201
25
    
26
    fuzzing:
27
      - part: query
28
        type: replace
29
        mode: multiple
30
        values: 
31
          - "^[0-9]+$" # only if value is number
32
        fuzz:
33
          - '{{nums}}'
34

35
    matchers:
36
      - type: status
37
        status: 
38
          - 200      
39
    
40

41